User authentication should be same as that used for licensed software and/or access to funds. Kerberos-like controls considered preferable at this time.