>Hello,
>
>Thanks for your suggestions!
>
>How are others securing their sites?
>
We use just a normal username/password combo. Some of our users are tied to a specific IP address - that is, when they attempt to log in (even with a valid username/password) I verify the incoming IP address. If it's not the allowed address (or address range) they can't log in.