There has been much interest in quantum key distribution. Experimentally, quantum key distribution over 150 km of commercial Telecom fibers has been successfully performed. The crucial issue in quantum key distribution is its security. Unfortunately, all recent experiments are, in principle, insecure due to real-life imperfections. Here, we propose a method that can for the first time make most of those experiments secure by using essentially the same hardware. Our method is to use decoy states to detect eavesdropping attacks. As a consequence, we have the best of both worlds--enjoying unconditional security guaranteed by the fundamental laws of physics and yet dramatically surpassing even some of the best experimental performances reported in the literature.