The are four factors of authentication, these are:
- Something the user Has
- Something the user Are (Is)
- Something the user Can Do
- Something the user Knows
The more factors of authentication you use the harder it is to compromise a system.
There is a cost/benefits that must be worked out. Simply put, your security controls have to equate to your risk profile. You aren’t going to have multi factor authentication on your free online game, as opposed to the multi factor authentication on your online financial web portal.
More Info: Authentication in an Internet Banking Environment by the Federal Financial Institutions Examination Council.