The DTI 2006 survey found that some 96% of large companies and 93% of all companies are still using single factor authentication to authenticate users.
There is one thing, however, which is certain – single factor authentication (passwords) is not enough. There are a number of authentication options: single sign-on is a step forward, but requires superior identity management, two-factor authentication is much better and involves the user of authentication tokens, biometric devices, etc. three factor authentication is far superior and involves something you know (e.g. password), something you have (e.g. authentication token) and something you use (e.g. device authentication) You need to be sure the device is free of any unauthorised applications such as IM, peer-to-peer or Skype, and that it is secured against current threats.
With growing numbers of remote and mobile users, EPS systems can secure those accessing the network and ensure, for example, that security policies are actually implemented on individual devices.
These are all steps on the longer road to identity trust management, where the overall level of access that you provide is based on trust in the authentication and the current level of security, of both the user and the device, coupled with location-based rules.
http://www.it-observer.com/articles/1148/identity_management_growing_challenge/