IT Pagan writes: I work for a small company that has about 40 users. I am looking to move beyond Userid/Passwords and require two factor authentication — Something you have (an access card or token) and something you know (a Pin # or Passphrase). Is one inherently more secure? Is one easier to manage and maintain? Are there major cost considerations?