A really easy way to set up multi-factor authentication for one of your systems is to use the conventional username/password as one factor, and then use the SMS technology in your phone as the second factor. An example case will better demonstrate this.

1. User enters username/password and logs in to the system
2. System sends an SMS message with a code to a pre-defined phone number
3. User enters the code in the next step of the login process
4. User is logged into the website

When you set up the account, you need to set up a phone number to pair with the given username/password pair. To make things a little more secure, you can change things around:

1. User enters username/password and logs in to the system
2. System sends an SMS message with a code to a pre-defined phone number
3. User unscrambles the code manually (reverses the code)
4. User enters the unscrambled code in the next step of the login process
5. User is logged into the website

This might seem nice and all, but as with most cool ideas, you might say the implementation is too much trouble to go through. Wrong, this is extremely easy to implement. Most mobile phone carriers now have email-to-SMS gateways. For a few of the gateways you can visit my previous post or just Google. There are also a few services popping up online that allow you to send an email to a single phonenumber@domain address, which will select the correct SMS gateway and send it.

For example, to send an SMS to a T-Mobile phone with the number 123456789, you would send an email to 123456789@tmomail.net, and that's just a single PHP function.
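
The second flow above (send a code, user enters it reversed) as an added example that is not code from this post. The function names, the 6-digit code, the 5-minute lifetime and the 3-attempt limit are assumptions; the sender is passed in as a callable with the same signature as PHP's mail().

```php
<?php
declare(strict_types=1);
// Added example. Lifetime, attempt limit and function names are assumptions.
const CODE_TTL_SECONDS = 300;
const MAX_TRIES = 3;

function generate_code(int $digits = 6): string
{
    // random_int() is a CSPRNG; pad so leading zeros survive.
    return str_pad((string) random_int(0, 10 ** $digits - 1), $digits, '0', STR_PAD_LEFT);
}

// $send has the signature of PHP's mail($to, $subject, $message).
function start_second_factor(array &$session, string $phone, string $gateway, callable $send): bool
{
    // Digits only: keeps CR/LF and extra addresses out of the recipient.
    if (preg_match('/\A\d{7,15}\z/', $phone) !== 1) {
        return false;
    }
    $code = generate_code();
    // Keep only a hash of the expected answer (the reversed code).
    $session['otp_hash'] = hash('sha256', strrev($code));
    $session['otp_expires'] = time() + CODE_TTL_SECONDS;
    $session['otp_tries'] = 0;
    return (bool) $send($phone . '@' . $gateway, 'Login code', $code);
}

function verify_second_factor(array &$session, string $entered): bool
{
    if (!isset($session['otp_hash'], $session['otp_expires'], $session['otp_tries'])) {
        return false;
    }
    $session['otp_tries']++;
    $ok = time() <= $session['otp_expires']
        && hash_equals($session['otp_hash'], hash('sha256', $entered));
    if ($ok || $session['otp_tries'] >= MAX_TRIES) { // single use, bounded guessing
        unset($session['otp_hash'], $session['otp_expires'], $session['otp_tries']);
    }
    return $ok;
}

// Constructed demo: a stub sender captures the message instead of mailing it.
$captured = ''; $session = [];
$stub = function (string $to, string $subject, string $body) use (&$captured): bool {
    $captured = $body;
    return true;
};
start_second_factor($session, '123456789', 'tmomail.net', $stub);
var_dump(verify_second_factor($session, strrev($captured)));
```

To send for real, pass 'mail' as $send and use $_SESSION as the session array.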
Good luck. This is a very easy mechanism to implement, and it makes it harder for someone to gain illegal access to your systems.
