> on pattern because IT says there must be a log on. There are other ways to
> make users' data secure besides having them create usernames and passwords.
> In many cases, the data might be more secure if it is properly encrypted
> on a server rather than relying on end-users to use strong authentication.
I can see piggybacking off email or IM authentication credentials
(login-link via email) working, but that's really just outsourcing the
username/password bit, not replacing it.
Client-side certs are fantastic, but I'd never try to implement them
for regular users.
I'd be really interested if you could outline some of the other
authentication patterns that are available. Are you thinking of
replacing something-you-know with something-you-have?