What you are trying to provide is secure identification and authentication (I&A). All I&A consists of one or more of three factors: what you know, what you have and what you are. Usernames and passwords fall into the what-you-know category. SecurID is in the what-you-have category, and biometrics are in the what-you-are category.
If you are not encrypting your connections, a simple username and password are not secure: both are sent in plaintext, where an attacker could capture them and then masquerade as that user. SecurID, generally used in conjunction with a username and password, prevents an attacker from masquerading even if the username and password are compromised.
If a username and password are to be used alone, at least the authentication part of the connection should be encrypted using SSL or some other means (perhaps a VPN). However, there are other ways that usernames and passwords could be compromised, so using some form of token (such as SecurID) or biometric will be more secure than passwords alone.
This was first published in March 2002
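
An added example, not part of the original answer, of the point that a captured username and password can be replayed while a captured one-time token code cannot. RFC 6238 TOTP stands in here for the token's proprietary algorithm, and the `Server` class, the user record and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; a stand-in for the hardware token."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Server:
    """Checks a password (what you know) and a token code (what you have)."""

    def __init__(self, users, require_token=True):
        # name -> (password, token seed); password storage is out of scope
        # here, a real system keeps a salted hash instead.
        self.users = users
        self.require_token = require_token
        self.last_step = {}                      # name -> newest step accepted

    def login(self, name, password, code, now):
        if name not in self.users:
            return False
        stored_pw, seed = self.users[name]
        if not hmac.compare_digest(password.encode(), stored_pw.encode()):
            return False
        if not self.require_token:
            return True
        step = now // STEP
        # Tolerate one step of clock drift, but never accept a step at or
        # before one already used: that is what defeats a replayed code.
        for s in (step, step - 1, step + 1):
            if s > self.last_step.get(name, -1) and \
                    hmac.compare_digest(totp(seed, s * STEP), code):
                self.last_step[name] = s
                return True
        return False

def demo():
    users = {"alice": ("correct horse", b"constructed-token-seed")}  # constructed
    t0 = 1_000_000_020                           # constructed login time
    captured = ("alice", "correct horse", totp(users["alice"][1], t0))  # sniffed
    pw_only, two_factor = Server(users, require_token=False), Server(users)
    return {"password_only_replay": pw_only.login(*captured, now=t0 + 3600),
            "legit_login": two_factor.login(*captured, now=t0),
            "replay_same_window": two_factor.login(*captured, now=t0 + 5),
            "replay_later": two_factor.login(*captured, now=t0 + 3600)}
```

The token does not hide the password on an unencrypted link; it only makes the captured credentials insufficient on their own, which is why encrypting the authentication exchange still applies.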