Simson Garfinkel provides a wonderful description of the difficulties with authentication:

Authentication in computer systems is commonly described as being based on “something that you know'’ (e.g. a password), “something that you have'’ (a token or smart card), or “something that you are'’ (a biometric). Authentication systems frequently fail because they are actually based on something that you have forgotten, something that you have lost, or something that you no longer are. Performance-based biometrics (e.g. keystroke dynamics) fail when they are based on something that you could once do well but can no longer do, or something that other people can do consistently, but you simply can’t.

I just had to share.