I'm typically less interested in rumors about what Apple may or may not be doing than problems that need to be solved and how Apple could address them. OLED and Touch ID on iPhone 8 is one of those problems.
Financial Analyst and supply-chain spelunker, Ming Chi-Kuo, as quoted by MacRumors:
Apple may switch to a film sensor from the current FPCB sensor in order to provide better 3D Touch user experience, as a film sensor offers higher sensitivity. Also, we expect the new OLED iPhone will come with a flexible OLED panel. To avoid deforming the form factor of the flexible OLED panel from touch operation pressure, a metal structural part will be placed under the film sensor to provide more robust structural support.
Here's the thing: 3D Touch, as currently implemented on iPhone, is dependent on the LCD screen's LED backlight. The LED is what measures the deformation of the glass under pressure and provides that data to iOS. Take away the LCD by switching to OLED technology, and you take away the LED. Take away the LED, and you take away the current implementation of 3D Touch.
So, if Apple is indeed switching to OLED for iPhone 8 they, by necessity, also have to change how 3D Touch works on iPhone 8. That's not a huge deal — Force Touch on Apple Watch uses a different implementation of pressure sensitivity, and Force Touch on the Mac Trackpad another implementation different than both. There are numerous ways to make pressure sensitivity work, Apple will simply use the one that best fits the requirements of the device.
Same with OLED. There are numerous screen technologies, including LCD, OLED, and Quantum Dot. They're also just implementation details. Apple, again, will use the one that best fits the device. Earlier on, that was LCD for quality. (PenTile sub-pixels were not a good thing.) Then it was LCD for 3D Touch. If Apple wants to do something LCD can't do, like gett thinner, more energy efficient, and curve the display, the OLED begins to win out. (Especially newer, better OLED.)
It's similar to NFC and why it's not opened up on iPhone. Apple considered NFC going back to the iPhone 4/s days but back then it was a chipset Apple doesn't do chipsets, they do feature sets. In other words, Apple doesn't do NFC, they do Apple Pay. That's why NFC was never added to iPhone — Apple Pay was. NFC was just an implementation detail. Maybe one day it'll be opened up or will enable additional features, but Apple Pay got it in there.
Judging by the bio-recognition patents that Apple has applied for, we believe it is leaning toward facial recognition technology rather than iris recognition. However, we note that the technical challenges of facial recognition include: (1) algorithms; (2) hardware design; and (3) the build-out of a database for verification and authentication, which could be time-consuming. As such, before Apple can fully replace the fingerprint system with facial recognition, a combination of the two steps of bio-recognition could be a valid solution for enhancing transactions security.
Apple patents everything, so it's tough to read too much into them. That said, biometrics aren't security — they're convenience. They aren't passwords — they're user IDs.
Biometrics aren't security — they're convenience.
Also, two-steps don't enhance security, they enhance complexity. Two factors enhance security. Biometrics are both "something you are". For a second factor, you'd need to require the password as well for "something you know".
One of my biggest requests for iOS remains the ability to choose to require both a password and biometrics, be that Touch ID or any technology Apple may add in the future. That would enable true two-factor for device access.
You could also throw in a third factor — trusted device proximity with Apple Watch — for those who want full-on three factor. Then you'd have "something you are", "something you know", and "something you have". Best of all, with the way Touch ID and Auto Unlock are already implemented, they're virtually transparent.
Two-factor, even three-factor, would essentially be as easy as one — password.