Before you succumb to this line of thinking, remember that an authenticated user is only the beginning of an authentication system; access control and accounting are what makes such a system effective.
Without all three processes, you're simply Band-Aiding. Effective authentication requires effort; whether you call it internal identity management or a unified authentication management (UAM) system, the principle is the same: Combine authentication, access control, and user accounting to build a policy that governs and tracks who can access what, where, when, and how. This should be the beating heart of any corporate IT security policy, and relegating it to a password list is simply begging for trouble.
The link for this article located at ZDNet is no longer available.
