Sure, but nobody can pre-emptively mandate you use facial recognition on your personal communications device, and then put sensitive information in there. I can see a situation in a repressive country where if you buy a phone they set it up with facial recognition in the store and make you activate it, but then you know not to store stuff there. You could just physically damage the camera at a later date and claim you weren't able to make use of that any more.
I've a device (Onyx BOOX) which apparently can only be password-secured if I create a vendor-based account on it. (I've been trying to see if this is bypassable, so far, no dice.) That's not biometrics, but it's a case of being strongly limited by a system architecture.
If you're using a device at the obligation of an employer, you may well find that it has, and/or organisational policy requires, biometrics.
It's increasingly difficult to find devices that don't include some form of biometrics-based functionality. The notion that that becomes the primary or only means of securing access is not entirely far-fetched.
Capabilities, possibilities, and dependencies have a really funny way of becoming hard requirements over time.
I could speak the Celtic of my ancient ancestors or communicate in cuneiform or ancient Egyptian hyroglyphics, if really wanted to. My ability to integrate and participate in modern life would be quite limited. The online and digital world are rapidly approaching this state.
Face ID: https://support.apple.com/en-us/HT208109
Fingerprint Readers: https://www.samsung.com/us/support/answer/ANS00082563/
These are extant, and either part of or required within numerous presently-used systems.