In recent years, various authentication procedures have been used to ensure appropriate protection of and access to sensitive information and/or services. These procedures may be distinguished based on the category of information required to authenticate the user. Such categories include, for example, information the user knows (such as passwords or FINs), information the user has (such as key cards or fobs), or information about who the user is (such as fingerprints or retina scans).
For particularly sensitive information, more than one of the above types of authentication may be required of a particular user. However, the use of multiple different authentication requirements may be burdensome for legitimate users who frequently access sensitive information or services. Hence a need exists for authentication procedures that provide appropriate protection for sensitive information and services while minimizing the burden of access placed on legitimate users.