What's a good authentication method for Java?
Not one authentication solution is perfect. Java security expert Ramesh Nagappan says multifactor authentication is the most secure method.
If you are seriously looking for a trustworthy authentication solution equivalent to a face-to-face verification by a security official, then you may need to consider multifactor authentication methods commonly referred to as strong authentication. This means verifying a person's identity credentials using his/her proof-of-knowledge (password, PIN, mother's maiden name), proof-of-possession (Smartcards, Drivers license, Digital Certificates) and proof-of-physiological/behavioral characteristics (biometrics).
Using any two or more of those authentication mechanisms often is considered a good authentication practice. In Java/J2EE environments, Java Authentication and Authorization Service (JAAS) plays a vital role for implementing authentication mechanisms within Java/J2EE applications. It also allows multiple authentication chaining for enabling a multifactor authentication-based single sign-on solution. For implementation details, refer to my article, "Building Biometric Authentication for J2EE, Web, and Enterprise Applications," on biometric single sign-on authentication in a J2EE environment particularly using JAAS.