Talk:Guide to Authentication

"When used in a single factor authentication method (for example, just a thumbprint with no username or password), biometrics are the weakest form of authentication available and are unsuitable for even moderate risk applications." Biometrics is still a better single factor auth method than having a username/password based one which doesnt enforce password complexity or account lockout.

So I am removing that sentence. There are much worse implementations of single factor authentication. -

I don't know if this is strictly true: "   *  Password change**    * Password resets**

(**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities) "

Perhaps it should read "Most medium and all high value systems should use more than one factor of authentication and should not rely exclusively on passwords."