One embodiment of the present invention provides a method for authenticating an identity of a user in order to secure access to a host system. In this embodiment, the host system receives an identifier for the user from a client system. This identifier is used to retrieve a template containing biometric data associated with the user, and this template is returned to the client. The client then gathers a biometric sample from the user, and compares this biometric sample with the template to produce a comparison result. Next, the client computes a message digest using the template, the comparison result and an encryption key, and sends the message digest to the host system. This computation takes places within a secure hardware module within the client computing system that contains a secure encryption key in order to guard against malicious users on the client system. Next, the host system receives the message digest and authenticates the user by determining whether the message digest was computed using the template, the encryption key, and a comparison result indicating a successful match between the biometric sample and the template. If so, the host has confidence that the client has successfully matched the template with the biometric sample, and the client is allowed to access a service on the host system. By requiring the secure hardware in the client system to include the template in the message digest, the host system can guard against a malicious user who substitutes another template to gain unauthorized access to the host system. In a variation on this embodiment, the host system retrieves the template from a centralized repository for templates.