Will biometric security harm users?

Science fiction movies took a wrong turn in 1991. Previously, sci-fi customarily warned about the dangers of allowing technology to overtake humanity. It also warned us about bogeymen who usually turned out to be "commies from outer space", but that is probably best forgotten.

Things went pear-shaped with the release of Terminator 2, in which the warnings about an apocalyptic machine-run future got lost somewhere behind lots of explosions, special effects and franchise shoot-em-up games.

Microsoft is not well known for explosions or special effects, and I'm not sure how many of its employees have seen any pre-1991 sci-fi. However, the company has launched a keyboard that uses biometric data for authentication, the nattily named Optical Desktop Elite with Fingerprint Reader for Bluetooth. And it could spell doom for mankind. Well, sort of.

The manual states it is not intended for security purposes but for convenience. But what if you call in sick and a colleague needs a file from your machine? What if your hands get dirty? Will office workers have to become dirt-free obsessives like Howard Hughes?

Apple Computer introduced voice-pattern access into its operating system years ago but almost no one uses it. The reason? Unlike your voice, passwords still work when you have a bad cold.

Yet many people persist in believing that biometric access can be relied upon for security. Biometric data, I am told, is secure because it is "locked" to your body, while passwords can be acquired from you in underhand ways. The word "locked" is misleading, though. A determined hacker will always find a way, giving rise to some scary scenarios.

One scenario is taken from classic sci-fi. For biometric access to work, your fingerprint profile data has to be stored on a computer, where it can potentially be stolen or altered. In sci-fi stories, you then enter a Kafkaesque nightmare in which you are locked out of your own car, home and bank account. When you go to the police, your biometric records confirm that you are in fact Osama Bin Laden.

The other scenario is equally dramatic. If someone is desperate enough to steal your fingerprint, they may take violent steps to acquire an actual finger. Remember, we already live in an era in which muggers will stab you in the heart for a mobile phone.

Most worrying is the fact that biometric parameters are largely permanent. This is a limitation, not an advantage - if someone learns your password, you can change it, but you can't change your fingers if a criminal manages to replicate your fingerprint.

Though biometric access devices have been niche systems until now, Microsoft's move may unwittingly give the technology mainstream respectability.

Microsoft's own warning that the Optical Desktop Elite is not a security product will go unheeded. Biometric systems will be accepted as indisputably secure, and we will bring the day of digital identity chaos upon us sooner than the sci-fi writers feared.