Three things can uniquely identify you to a system:
- something you have
- something you know
- something you are
"Something you have" refers to a physical object that you own, such as a card or a (real-life) key. Smartcards have been put forward for years as the solution: you have a small card, the size of a credit card, which contains your unique private key. The difference between that and your average credit card is that the smartcard contains an on-board processor, and more physical protection (shielding) to stop attacks based on electromagnetic radiation. Read Ross Anderson's "Tamper Resistance - A Cautionary Note" to see some issues with smartcards.
One of the problems with smartcards is that to use them, you require a card reader - these are not supplied with your average computer, and these devices will take time to reach the mass market (unless they can be promoted like DVDs, which are now part of the standard computer package I see advertised in magazines). An alternative is a small 'key' that you plug into your USB port - something that most computers now have - and which performs the same functions as the smartcard. An example is Rainbow's iKey. Other likely technologies include the secure digital memory card, and Sony's memory stick.
"Something you know" - this refers to a passphrase, or password, that only you know. Although the brain is fairly tamper-resistant, most people are unable to remember the random sequence of digits that a strong password requires. Thus, they either choose a weak password (such as their car numberplate, or the word "elephant" or even "password"), or, to remember the password, they write it down and keep the written password close to their computers. Password problems are accentuated by the fact that you must regularly change the password (e.g. every 3 months) to preserve the security of a system. Most password schemes are flawed in that the passwords can be obtained using a "dictionary attack", where the cracker compares the encrypted password to a database of pre-encrypted passwords and deduces the plaintext password when the two match. Holes in operating systems, bugs in software, and even careless coding in CGI scripts all mean that it is relatively easy to obtain a list of encrypted passwords on most systems.
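The paragraph above describes a precomputed dictionary being matched against stored password hashes. The example below is added here and is not part of the original article; it shows, with a constructed three-word wordlist, why that lookup works against an unsalted fast hash and why a per-user random salt combined with a deliberately slow key derivation (PBKDF2 from Python's standard library) blunts it: the same password no longer produces the same stored value, so no table can be computed once and reused, and each guess costs many hash iterations. All names (`weak_hash`, `strong_hash`, the wordlist) are this example's own.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist, standing in for the "database of
# pre-encrypted passwords" the article describes.
COMMON_PASSWORDS = ["password", "elephant", "letmein"]

# Iteration count for the slow key derivation; kept modest so the
# example runs quickly, production values are typically higher.
ITERATIONS = 100_000


def weak_hash(password: str) -> str:
    """Unsalted, fast hash: equal passwords give equal digests, so a
    table computed once maps a stored digest straight back to plaintext."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_precomputed_table(wordlist) -> dict:
    """The attacker-side table the article refers to, built from a wordlist."""
    return {weak_hash(w): w for w in wordlist}


def lookup_plaintext(table: dict, stored_digest: str):
    """Return the plaintext if the stored digest is in the table, else None."""
    return table.get(stored_digest)


def strong_hash(password: str, salt: bytes = None) -> tuple:
    """Salted, slow hash. A fresh 16-byte random salt is drawn per user, so
    two users with the same password store different values and any
    precomputed table would have to be rebuilt per salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def same_password_hashes_identically(password: str) -> bool:
    """True for the weak scheme, False for the salted scheme: this is the
    property the precomputed dictionary depends on."""
    _, d1 = strong_hash(password)
    _, d2 = strong_hash(password)
    return d1 == d2


if __name__ == "__main__":
    table = build_precomputed_table(COMMON_PASSWORDS)
    # A user who chose "elephant" with the weak scheme is recovered at once.
    print(lookup_plaintext(table, weak_hash("elephant")))   # elephant
    # With the salted scheme the stored digest is not in any fixed table.
    salt, digest = strong_hash("elephant")
    print(digest.hex() in table)                              # False
    print(verify("elephant", salt, digest))                   # True
    print(same_password_hashes_identically("elephant"))       # False
```

The check in `same_password_hashes_identically` is the one a reviewer would apply to any password store: if two registrations of the same password produce identical stored values, a precomputed dictionary of the kind the article describes will work against it.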
"Something you are" - this refers to your unique genetic identity, and is measured using biometric devices. Examples are fingerprint scanners, and iris or retina scanners. To avoid false positives (people incorrectly being identified as you), there must be enough degrees of freedom in the analysis.
For example, the iris scanners initially developed by Dr John Daugman divide the iris into about 200-odd segments, and match the patterns within those segments. He uses 2-dimensional Gabor wavelets to analyse the patterns, due to their favourable mathematical properties: Gabor wavelets are invariant under rotation, dilation and translation. So for example, it doesn't matter if your eyes are 2mm closer to the scanner than before, because you can normalise the wavelets. His iris scanners also send out imperceptible flashes of light, to check that the eye responds, i.e. the eye is alive - this is intended to prevent criminals from stealing people's eyes to break into their accounts. Unfortunately, these devices are fairly expensive, so do not expect to see them widely available within the next few years.
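The two paragraphs above say that a biometric needs "enough degrees of freedom" to keep false positives rare, and that the iris is matched as a pattern across some 200 segments. The example below is added here and is not the article's or Daugman's own code; it models the matching step in a simplified way of its own (each segment reduced to one bit, two codes compared by the fraction of bits that disagree, a match declared below a threshold) and then computes, for two unrelated people whose bits are independent coin flips, the probability that they match by chance. That probability is the binomial tail, and the example shows how quickly it falls as the number of independent bits grows, which is the quantitative form of the paragraph's point. The sample codes, the 200-bit size and the 0.33 threshold are this example's assumptions.

```python
from math import comb

# Assumed code length (one bit per iris segment) and decision threshold:
# two codes are declared the same eye if at most this fraction of bits differ.
CODE_BITS = 200
MATCH_THRESHOLD = 0.33


def hamming_fraction(code_a: int, code_b: int, bits: int = CODE_BITS) -> float:
    """Fraction of the `bits` positions in which the two codes disagree."""
    return bin(code_a ^ code_b).count("1") / bits


def is_match(code_a: int, code_b: int, threshold: float = MATCH_THRESHOLD) -> bool:
    """Accept when the codes are closer than the threshold."""
    return hamming_fraction(code_a, code_b) <= threshold


def false_match_probability(bits: int, threshold: float) -> float:
    """Chance that two independent random codes (each bit a fair coin flip)
    disagree in at most threshold*bits positions, i.e. a false positive.
    Exact binomial tail: sum over k <= floor(threshold*bits) of C(bits,k)/2^bits."""
    max_mismatches = int(threshold * bits)
    return sum(comb(bits, k) for k in range(max_mismatches + 1)) / 2 ** bits


def degrees_of_freedom_table(sizes=(20, 50, 100, 200), threshold: float = MATCH_THRESHOLD) -> dict:
    """False-match probability for several code lengths at one threshold,
    showing why the number of independent measurements matters."""
    return {n: false_match_probability(n, threshold) for n in sizes}


if __name__ == "__main__":
    # Constructed sample codes: an enrolled eye, a re-scan of the same eye
    # with a few bits flipped by noise, and an unrelated eye.
    enrolled = int("10110011" * 25, 2)           # 200 bits
    rescan = enrolled ^ 0b1011                    # 3 bits disagree
    other = int("01101010" * 25, 2)
    print(is_match(enrolled, rescan))             # True
    print(is_match(enrolled, other))              # False
    for n, p in degrees_of_freedom_table().items():
        print(f"{n:4d} independent bits: false match probability {p:.2e}")
```

Reading the table shows the effect the article only states: with 20 independent bits a chance match at this threshold is common, with 200 it is below one in a million, so increasing the number of genuinely independent measurements, rather than just the image resolution, is what drives false positives down.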
People are also wary about their details being stored in databases - where physical and/or network security problems could lead to their unique identity being compromised.
As you can see, there are a vast number of issues associated with authentication. It is unlikely that anyone will come up with an infallible solution - as always, there is the trade-off between convenience and security. Privacy and security issues are set to become two of the most hotly-debated topics over the next few years.