2.9.1-3 Auxiliary Tests to Authenticate User Identity

When system security requires more stringent user identification than is provided by password entry, auxiliary tests should be devised that authenticate user identity without imposing impractical demands on the user's memory.