The purpose of all user authentication schemes, from passwords on, is to require a prospective user to prove that she really is the person she is claiming to be. The standard Unix login procedure and most secondary authentication programs validate a user’s identity based on something she knows, like a password, assuming that no one else knows it.

There are other approaches to user authentication. A user can also be validated based on something she is, that is, some unique and invariant physical characteristic such a fingerprint^[2] or retina image. Biometric devices validate a person’s identity in this way. They are commonly used to protect entrances to secure installations or areas, but they are seldom used just to authenticate users on a computer system.

A third approach is to validate the user based upon something she has. That something, known generically as a token, can be as simple as a photo ID badge. In the context of login authentication, smart cards are used most often. Smart cards are small, ranging in size from more or less credit card-size to about the same size as a small calculator. Some of ...