I am currently working on a dual-authentication method for remote access dialup users to meet a security audit requirement. From my research I have found that eap-tls would probably be the best method for securing the dial access authentication but I want to verify some things. Would using eap-tls with a security certificate truly be considered dual authentication? Or would I actually need to look at the smart-card as a viable component to this solution? I have found little suggestion one way or another from research that I have performed. Based on a Microsoft review they claim that certificate based in only single-factor authentication while smart-card is two-factor.

Thanks for any suggestions.

David