The combination of user name and password has been the de facto mechanism for securing resources and identifying users since the computer moved from being a back-office phenomenon to every workstation in the company.
When it was devised as a means to secure the system, the few users who needed one would likely have had a single password to remember (and they probably still wrote it down).
Today, if you have fewer than two dozen accounts which require a password, you're a very lucky person. Try enumerating yours right now. I have 12 tabs open in my browser right now that are password-protected.
This is unsustainable. Under these circumstances, in order to have a semblance of productivity, users must use duplicate passwords, use simple passwords, or record them in hard copy. (You've got a sticky note on your desk right now with at least one password, don't you?)

Tarun Khandelwal of CA recommends an extra, transparent layer of protection for the network to avoid theft or breaches, but that addresses protecting the network. It does not address the unsustainable burden this schema puts on the user.
The day of the password is over. We have to move to a more sustainable process for identifying users and their rights on the system. Biometric systems are becoming more practical every day, and may be at least part of the solution. Used in conjunction with, say, an NFC or RFID token, two-factor authentication is quick and easy, with something you have to bring to work anyway: an entry fob and your fingerprint.
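To make the "token plus fingerprint" idea concrete, here is an added illustration (not code from the original post or from CA) of the policy such a system enforces: a login succeeds only when the presented token is enrolled to a user and the presented fingerprint matches that same user's enrolled template above a threshold. The enrollment records, the feature-vector templates and the similarity function are all constructed stand-ins; a real fingerprint matcher and template format would come from the biometric vendor.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed enrollment data (hypothetical): a fob's token id maps to the user it was
# issued to and to that user's enrolled fingerprint template. Templates here are small
# integer feature vectors standing in for a vendor's real minutiae template.
@dataclass(frozen=True)
class Enrollment:
    user: str
    token_id: str
    template: Tuple[int, ...]

ENROLLMENTS = {
    "TOKEN-0001": Enrollment("alice", "TOKEN-0001", (12, 40, 33, 7)),
    "TOKEN-0002": Enrollment("bob", "TOKEN-0002", (50, 3, 19, 28)),
}

# Minimum similarity score for the biometric factor to count as a match (assumed value).
MATCH_THRESHOLD = 0.9
# Per-feature tolerance for the toy matcher below (assumed value).
FEATURE_TOLERANCE = 2


def match_score(enrolled: Tuple[int, ...], presented: Tuple[int, ...]) -> float:
    """Toy similarity: fraction of features that lie within tolerance of the enrolled value.
    This stands in for a real matcher, which would return a vendor-defined score."""
    if len(enrolled) != len(presented):
        return 0.0
    close = sum(1 for e, p in zip(enrolled, presented) if abs(e - p) <= FEATURE_TOLERANCE)
    return close / len(enrolled)


@dataclass(frozen=True)
class Decision:
    user: Optional[str]        # authenticated user, or None on failure
    token_known: bool          # outcome of the possession factor
    biometric_score: float     # outcome of the inherence factor (0.0 if never evaluated)


def authenticate(token_id: str, presented_template: Tuple[int, ...]) -> Decision:
    """Two-factor check: the fob must be enrolled AND the fingerprint must match the
    enrolled template of the same user. Fails closed on any missing or weak factor.
    The Decision carries per-factor outcomes for the audit log; a caller facing the
    user should expose only success/failure, not which factor failed."""
    enrollment = ENROLLMENTS.get(token_id)
    if enrollment is None:
        # Unknown fob: the biometric is never evaluated against anyone's template.
        return Decision(user=None, token_known=False, biometric_score=0.0)

    score = match_score(enrollment.template, presented_template)
    if score < MATCH_THRESHOLD:
        # Possession of a valid fob without a matching fingerprint is not enough.
        return Decision(user=None, token_known=True, biometric_score=score)

    return Decision(user=enrollment.user, token_known=True, biometric_score=score)


if __name__ == "__main__":
    # Constructed sample presentations: Alice with a slightly noisy scan, Alice's fob
    # with Bob's finger, and an unenrolled fob.
    for token, finger in [("TOKEN-0001", (12, 41, 33, 8)),
                          ("TOKEN-0001", (50, 3, 19, 28)),
                          ("TOKEN-9999", (12, 40, 33, 7))]:
        print(token, finger, "->", authenticate(token, finger))
```

The matcher is deliberately crude; the point is the decision logic: the biometric is only ever compared against the template bound to the presented token, the check fails closed when either factor is missing, and the per-factor outcome is recorded for the audit trail rather than surfaced to the person at the reader.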