User name and password solutions are termed single-factor because you only use something that you know to access the network. Multi-factor authentication systems overcome the issues of single-factor authentication by a combination of requirements, including:
Something the user knows, such as a password or personal identification number (PIN).
Something the user has, such as a hardware token or smart card.
Something the user is, such as a fingerprint or retina scan.
Smart cards and their associated PINs are an increasingly popular, reliable, and cost-effective form of two-factor authentication. Users must have their smart cards and know the PINs to gain access to network resources. The two-factor requirement significantly reduces the likelihood of unauthorized access to your organization's network.
Check out this article on how to enable smart card authentication for VPN connections over at:
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer