You heard "The Man", Bill Gates, at RSA 2006:
"Another weak link, is in authentication. Today we are using password systems, password systems simply won't cut it, in fact they are very quickly becoming the weak link." … "We need to move to multifactor authentication, a lot of that will be a smartcard type approach, where you have a challenge response, you don't have a single secret.."
So - seriously, when are you starting your "Password Elimination Project"? I know of a few unnamed customers who are moving towards this today and have chosen smartcards to replace the standard userID\Password across the enterprise. Unsurprisingly, this does not come easy.
If you are working on this, or thinking about moving towards this - I'd love to hear from you. Either via comment or direct email to me.
I already have a good deal of info about this type of project, but need to compile and sanitize the data before I post it here. I would love this to be a collaborative community discussion w/ gotchas and ideas.
Smartcards are much harder to fake than fingerprints.