A number of mechanisms apart from PKI may be used to authenticate people and entities online.
Biometrics is often refered to as "three factor" authentication, referring to the objective of establishing not only what you know and what you have, but also (or instead) what you are.
Biometric technologies at a glance
NEEDS MORE WORK / CROSS REFERENCES
CURRENT BIOMETRICS
Fingerprint
Iris scan
Hand scan
Voice print
OBSOLETE BIOMETRICS
Retina Scan
Signature Dynamics
NEW BIOMETRICS
DNA
Gait
Hybrid / Fusion methods
Relationship with other trust technologies
Biometrics
PKI Note
"Authentication can be performed with three approaches: knowledge factor (something
the individual knows), possession factor (something the individual has), or
biometric factor (something physiologically unique about the individual). Biometric
technology uses a measurable biological or behavioral characteristic to reliably
distinguish one person from another. Biometrics can enhance PKI technology, and,
symbiotically, PKI technology can secure biometric technology. These PKI Notes
discuss the basics of biometric technology and its synergistic combination with PKI
technology".
Will Biometrics Obsolete PKI? A Special Report June 2001 American Bar Association, Bulletin of Law/Science & Technology.
This short paper discusses unique properties of PKI not provided by biometrics, including the ability to revoke when compromised, persistent signatures, and the ability to build open authentication systems.
While not as popular as public key methods, there are strong mechanisms for establishing authenticity through symmetric cryptography. If Alice and Bob know they have a reliable and unique shared secret (symmetric) key, then the ability for either of them to sensibly decrypt a message with that key provides strong evidence that the encrypted message came from the other party. Defence methods like the Fortezza card uses symmetric authentication in this way.
NEEDS MORE DETAIL
Setting aside the fact that smartcards and other cryptographic devices constitute "two factor" authentication, the term is often used to refer to a large class of personal authentication devices that generate a pass phrase or other login code, used to access online resources. There are three important sub-classes:
Time Syncronised One Time Password: every thirty seconds or so, the device generates a fresh pseudo random one time password. The pseudo random number generator is seeded uniquely for each specific device.
Event Based One Time Password: Again, a pseduo RNG generates one time passcodes in sequence, but instead of doing so autmatically and periodicially, the event based OTP requires a button to be pressed. It is therefore an electornic version of the "Tranbsaction Authentication Number" (TAN) card. An attempt to standardise the interoperability of this important class of devices has been organised by the OATH initiative.
Challenge Responce device: usually resembe a small hand-held calculator, into which a challenge code is typed, which is cryptogrqphically transformed into a unique response code, using keys unique to each specific device.