We have all faced the scenario before. You get to the cash point, confidently put your card in the slot and then realise you've forgotten your Pin. This is a daily occurrence in the IT industry, except it is passwords that are forgotten, not Pins.
This can severely weaken a company's security. How many of your users choose weak passwords, use a password that is the same as their user name or, worse still, write the password down so as not to suffer the embarrassment of another helpdesk call?
Biometric security systems are designed to overcome this problem, because they rely on a user's physical characteristics, such as fingerprints or the patterns on their iris. But there are some disadvantages to biometric security systems, which more often than not revolve around the way data is collected.
Taking the fingerprints of staff is not likely to improve morale - they might feel Big Brother is looking over their shoulder - and the associations with criminality worry a surprising number of people. Moreover, few people look forward to having a laser shone in their eyes.
A huge database containing this sort of personal information would unnerve staff. If such a system were to be compromised, the results could be devastating.
Despite this, it is clear that simple password authentication will not be sufficient in the future. More and more online resources require authentication.
Digital drawbacks
Another reason for the increased interest in biometrics is the awareness that digital certificates, the basis for most secure online transactions, are not as secure as once thought. They also suffer from a lack of standards.
In the future, transactions may require a biometric match to unlock a digital certificate provided by a mutually trusted third party that guarantees the identity of the user.
The fingerprint is ideally suited to this: it cannot easily be separated from its owner, it can be scanned with little effort and, when combined with the correct scanning technology, offers a high level of security.
Siemens offers desktop and laptop computers that incorporate a fingerprint scanner and a smart card reader. A user must insert the card and scan their fingerprint to gain access. Utimaco has a similar external device, the SafeGuard Biometrics SmartCard Reader.
Setting up the device is relatively easy - the USB fingerprint scanner can be plugged into the nearest available computer. After an obligatory reboot, instead of the normal Windows login, the SafeGuard login screen asked for our fingerprint. As it was the first time we had used it and we had no fingerprints stored, we got around this by logging in as usual.
In the Program menu there is an enrolment option. The smart card is inserted into the slot and an initial Pin code entered for extra security. The enrolment option then asked us to specify which finger we would use for access. Once our fingerprint was scanned three times, the data was written onto the smart card.
We tested whether the enrolment worked by logging back into Windows. It didn't. No matter how many times the reader tried to scan our fingerprint, there was no success. Eventually the reader blocked the smart card, and we had to revert to logging on as normal, defeating the object of the whole exercise.
Built-in biometrics
Some laptops and monitors have built-in cameras, and keyboards and mice are available with fingerprint scanners. These built-in biometric devices should increase the likelihood of acceptance among users and administrators.
Because laptops usually come with a microphone, voiceprint recognition is a strong option for mobile users. But as well as the limitations that ambient noise poses, users may feel awkward talking to their PC in public (except when it crashes, of course).
The alternatives - a camera or a fingerprint scanner - are mostly external devices, although some Acer and Compaq laptops come with a built-in fingerprint scanner.
Nevertheless, don't throw away your passwords just yet. Biometric systems aren't a cure-all. They may provide a strong alternative to password authentication, but the client isn't the only way into your network.
Back-end systems that host biometric security systems are just as susceptible to online sabotage. If your servers go down or your registrations are damaged, your employees and customers can't log on. In a worst-case scenario, you will need to meticulously rebuild all your user profiles before full service can be resumed, which is not a very desirable prospect.




