Although biometrics can be an useful component for access control, the security they procure is often overestimated, as if they were a magic tool whose simple use will automatically prevent each and every type of attack. Biometrics are not secure unless they are embedded in a strong cryptographic protocol, whose design pays special attention to their specificities. In particular, smart card reveals to be an useful and efficient partner of biometrics for such a protocol. This paper reviews and discusses the most important issues raised by biometrics and presents a secure authentication protocol skeleton. ∗Work partially done within the European IST project BANCA 1