We know how to build secure systems, but for security measures to be truly effective it is necessary to use keys which are far too large for people to commit to memory. The consequence is that people avoid using security measures, or they resort to recording their key information somewhere which they find convenient to access. If any kind of barrier to unauthorised access to this store is used, it is invariably a username and short password or PIN combination. This compromises the effectiveness of primary schemes by presenting an intruder with a weak point to attack. This paper describes a hybrid scheme incorporating an electronic token and biometric verification. The scheme eliminates the need to rely on users’ memory, so it can use keys which are long enough to be effective, yet it is also quick and convenient in use and could be adopted anywhere that presently uses username-password arrangements.