The problem of permitting remote access to systems is a perennial one for IT managers, made more troublesome by the need to identify partners or customers for e-business.
There are many systems that promise to identify particular groups or individuals, and security experts divide them into three types. These types are those that check for something that a valid user must possess, such as a key or a card; those that check for something that the user should know, such as a password or PIN; and those that check for something that the user is, by inspecting a biometric factor such as a fingerprint or voice sample.
Many security systems combine the first two methods  for example, a cash machine requires both a card and a PIN. On the Internet, cookies can be used as a substitute for a card but, in general, the difficulty of issuing secure tokens means that online authentication often rests on only one of the three classes  something that the use knows, typically a password.
