Here are some guidelines that I found in a recent similar situation. I think what you might be looking to satisfy is possibly multi-factor authentication. Pass phrases will not satisfy this because the tenets are:

'Something you know', such as a password, PIN or an out of wallet response.
'Something you have', such as a mobile phone, credit card or hardware security token.
'Something you are', such as a fingerprint, a retinal scan, or other biometric.

http://en.wikipedia.org/wiki/Two-factor_authentication

For the web, we were looking into mutual SSL, a.k.a. Client Side Certificates ('Something you have'), in addition to the password ('Something you know'). As yet, I'm not sure how effective it is or what the gotchas are.

HOW TO: Secure an ASP.NET Application Using Client-Side Certificates
http://support.microsoft.com/kb/315588

SSL https requests with client certificates from ASP.NET
http://blogs.msdn.com/adarshk/archive/2004/07/19/187667.aspx

===================================
This list is hosted by DevelopMentor® http://www.develop.com
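
An added example, not part of the original post or of the linked articles: one way an ASP.NET login check can require both factors named above, the password and a client certificate bound to that same user. It assumes a configured Membership provider and that IIS is set to accept or require client certificates; `TwoFactorLogin` and the `enrolledThumbprintFor` lookup are hypothetical names.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Security;

public static class TwoFactorLogin
{
    // enrolledThumbprintFor is a hypothetical lookup into your own user store:
    // it returns the certificate thumbprint enrolled for the user, or null.
    public static bool Authenticate(HttpRequest request, string user, string password,
                                    Func<string, string> enrolledThumbprintFor)
    {
        // Factor 1, "something you know": the password.
        bool passwordOk = Membership.ValidateUser(user, password);

        // Factor 2, "something you have": the certificate presented in the
        // SSL handshake, which must be the one enrolled for this user.
        bool certOk = CertificateBelongsTo(request.ClientCertificate, user,
                                           enrolledThumbprintFor);

        // Both factors are evaluated before deciding, so the caller learns
        // only pass or fail, not which factor was wrong.
        return passwordOk && certOk;
    }

    static bool CertificateBelongsTo(HttpClientCertificate cert, string user,
                                     Func<string, string> enrolledThumbprintFor)
    {
        // No certificate sent, or the server could not validate it.
        if (cert == null || !cert.IsPresent || !cert.IsValid) return false;

        var x509 = new X509Certificate2(cert.Certificate);

        // NotBefore and NotAfter are local time, so compare with DateTime.Now.
        DateTime now = DateTime.Now;
        if (now < x509.NotBefore || now > x509.NotAfter) return false;

        // A valid certificate issued to someone else must not log this user in.
        string enrolled = enrolledThumbprintFor(user);
        if (string.IsNullOrEmpty(enrolled)) return false;

        return string.Equals(x509.Thumbprint, enrolled,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

The binding step is what makes the certificate a second factor for a specific account: without it, any certificate the server trusts would satisfy the check for every user.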