We are thinking of setting up a SharePoint solution. The problem is with authentication on the internet side so that we can allow people to access the SharePoint system from outside of the network. I realise that SharePoint come with Kerberos built in but I'm not sure this will be enough. As far as I understand it, Kerberos relies on the user knowing a long term key. If someone was to find out the long term key then the security is basically rendered useless? Discussions have been thrown around about using a 2 stage authentication process such as a token or maybe emailing a key to users. Any ideas on the pros and cons of this with specific reference to SharePoint or internet portals ?