I have an upcoming requirement to implement two(2) factor authentication in an application currently deployed on Seam 2.0.1. I thought I would check to see if anyone has any good ideas on how to implement this. We will most likely migrate to Seam 2.1.X before this and use the new 2.1 authentication and authorization.

The application houses some sensitive financial information that requires a bit more security than a simple username and password login.

The current requirement discussions are around having a list of questions the user answers when first creating an account or a more complicated approach of uploading an image the user would use to compare with a previously uploaded image (i.e. the image becomes the authentication key). I haven't begun design yet, so I thought I would ping the community on some ideas.

Thanks for your thoughts.