Nearly all websites today use passwords as the primary means of authenticating users. Because passwords can be lost or stolen, most websites also provide secondary authentication: a means to allow users unable to provide the correct password to regain access to their accounts. The consequences of failure – either falsely rejecting the account owner or falsely accepting an impostor – are significant. If the secondary authentication mechanism is the user’s last resort, a false reject can mean permanent account loss. If the mechanism’s resistance to false accepts isn’t as strong as that of passwords, the secondary authentication mechanism becomes the weakest link and limits the account’s security. The authors highlight results of prior work on secondary authentication mechanisms, emphasizing the larger problem of assembling an arsenal of mechanisms that can be customized to fit each user’s security and reliability needs.