We currently are using the Win2k VPN as well as a Watchguard Firebox II. On the Firebox, there is a client so that the user must know something (user/pass) as well as possess something. We are interested in the same security for the Win2k VPN. As it stands now, the user simply must know a user/pass. We have looked into certificates, but are more interested in the security of authentication and not necessarily the security of communication. Any suggestions as to two-factor authentication? Thanks!