Roger Grimes makes an interesting point in his post today over on InfoWorld. Advanced authentication methods are great for enhancing security – but to implement technologies such as smart cards, tokens, and biometrics effectively, you need to understand how Windows authentication actually works. Otherwise, your expectations of what advanced or multifactor authentication can provide might be unrealistically high. Better authentication won’t necessarily prevent all types of attack or intrusion.
Read more here: