As InformationWeek points out:
"Strengthening authentication usually means adding a second factor (something you have) to an existing strong password (something you know)."
The article offers five questions to help you begin designing a secure authentication strategy. They include:
- What do you need to protect? A corporate network, a sensitive database server, or a customer-facing website? You should assess what impact unauthorized access to those systems will have.
- Who will have access? Will it be employees, contractors and/or customers?
- Who manages the workstations? The article asks:
  "Will users authenticate to your systems only from computers managed by your IT group? If the answer is yes, then you don't need client-side software for machine signatures or certificates. However, for customers and partners, the answer is almost always no, so you're left with options that don't require touching the computer, such as user name and password, knowledge-based authentication, and message replay."