Just found an interesting authentication solution:
“With Entrust IdentityGuard, users continue to employ their current user name and password, but are also provided with a second physical form of authentication based on an assortment of characters in a row/column format printed on a card. A user must successfully complete a coordinate challenge to demonstrate that they are in possession of the appropriate card.”
That doesn’t look bad – in comparison to all the other two factor schemes, this one is – I would imagine – reasonably cheap.
It also solves a lot of other issues with systems like RSA’s SecureID – distribution is much easier, loss or theft is less expensive, you can fax a replacement to some remote location.
A colleague just came up with a nice remark: he said that you should of course change the card often. My response: why not print a new one on your monthly salary report?
I like that.