How will you verify that the person on the other end of the link is who he says he is? Should you use a simple password scheme, hardware tokens, or multi-layer authentication?