We consider three "accepted truths" about iris biometrics, involving pupil dilation, contact lenses and template aging. We also consider a relatively ignored issue that may arise in system interoperability. Experimental results from our laboratory demonstrate that the three accepted truths are not entirely true, and also that interoperability can involve subtle performance degradation. All four of these problems affect primarily the stability of the match, or authentic, distribution of template comparison scores rather than the non-match, or imposter, distribution of scores. In this sense, these results confirm the security of iris biometrics in an identity verification scenario. We consider how these problems affect the usability and security of iris biometrics in large-scale applications, and suggest possible remedies.