This Guideline describes the primary alternative methods for verifying the identities of computer system users, and provides recommendations to Federal agencies and departments for the acquisition and use of technology which supports these methods. Although the traditional approach to authentication relies primarily on passwords, it is clear that password-only authentication often fails to provide an adequate level of protection. Stronger authentication techniques become increasingly more important as information processing evolves toward an open systems environment. Modern technology has produced authentication tokens and biometric devices which are reliable, practical, and cost-effective. Passwords, tokens, and biometrics can be used in various combinations to provide far greater assurance in the authentication process than can be attained with passwords alone.