The inability of humans to generate and remember strong secrets makes it difficult for humans to manage cryptographic keys. To address this problem, numerous proposals have been put forth to enable a human to repeatably generate a cryptographic key from her biometrics, where the strength of the key rests on the assumption that the measured biometrics have high entropy across the population. In this paper we show that the practical security requirements for such schemes remain poorly understood. To address this, we reexamine two well-known, yet sometimes misunderstood, requirements and present another that we believe to be necessary for practical biometric key generators. We also analyze three published schemes in the context of these requirements to show that each has significant practical importance. For example, in one case we show that failing to meet a requirement results in a construction where an attacker can successfully guess 22% of ostensibly 43-bit keys in one attempt. In another, we show how an attacker with access to a cryptographic key can completely compromise a user’s privacy by reverse-engineering that user’s biometric.