Biometrics have problems. The "password" is based on something I can lose (yeah, it's attached to me, but accidents happen, and I don't know how a fingerprint reader's going to react to a bad cut). (Without loss of generality, I'm going to assume fingerprints.) If used remotely, it's data going over a connection and can't be tested to see if it's a live finger. That makes it copyable, and I've only got ten fingerprints. If all of those are compromised, I can't grow another finger to get fresh fingerprints. The reader is not likely to be completely accurate, so it can be set to refuse my fingerprint sometimes or let other, similar, fingerprints work sometimes.
So, while they have advantages, they can still be lost or compromised, and there's no recovery from them.
Official certificates, I assume, are a way of associating a key pair with a real live wetware entity, or an organization of same. Given no dishonesty, this can be essentially free. Given attempts to deceive, such as me trying to associate my key pair with somebody not eminent and widely known, there's investigation costs, and you have to balance cost against certainty. Theoretically, I could be asked to come into an office with photo ID, and at that point I can get fake ID (and those can be pretty convincing), I can bribe whoever's examining my ID to let it pass, I can try to hack into the systems or communications (probably the hardest of the three), or other techniques I'm not coming up with off the top of my head.
Moreover, key pairs can be compromised, and at that time you need some sort of revocation ability, preferably one that can be easily activated by the owner under almost all circumstances, and can't be activated by the bad guy (and requiring a message signed with the key pair doesn't work here).