Healthcare Technology and Information Management
This covers both management information and clinical information systems, including computer-based support for management, assessing how current technologies and major innovations are changing the way healthcare executives manage, using information systems for short- and long-range planning, using clinical information systems, and information systems acquisitions.
Information Systems: Password problems
Posted by: Michael Lane on May 25, 2009 at 12:53PM EST

I feel one of our biggest security problems I see is "passwords" to both networks or specific applications and how the employees use them, post them in the offices for quick use or give them to their co-workers. Making the password requirements too complex seems to increase workload for the IT folks; less complex opens the door for potential hackers. Comments?? Has anyone implemented a bio-system (thumb or retinal scan) for access to the network? I don't know much about these bio systems, but it seems this would address my problem.

(5) Comments
Posted by: Moishe Singer on May 26, 2009 8:48AM EST
Many IT systems including Windows AD and others start the problem by enforcing not only long complicated password schemes (aka 6 letters, 1 cap, one symbol, one number) and making them change every 45-90 days. While this sounds like a nice thing, the average end user will then forget their password and ultimately just write it on a Post-it note and tape it to the keyboard (trust me, I run an IT department and see it all the time).

As Michael notes there are biometric systems out there. A simple thumbprint reader costs under $30 and works well in storing passwords. However, most of these systems just save passwords and automatically type them once you authenticate. While this is good, it also leads end users to forget their passwords should the device not read your thumb, and cause issues every 90 days when you need to update passwords due to the above mentioned systems. The weakest link with thumbprint readers is most have an override password should your thumbprint fail and people use simple passwords for those which once cracked can lead someone to view and print all of your passwords.
Another option is random digit keys that update a unique second authentication factor every 30 seconds. This makes you type in your password, plus a second number that this "key" generates and changes every 30 or so seconds. This makes your system secure as long as your end user keeps the "key" on them so even if their password is known the system won't allow a login.
There are others that authenticate based on picture (aka the system must recognize you) and systems that need a physical "key" attached to the computer and use this "key" as a second layer of authentication.

In closing, there are many systems out there, but in my humble opinion to be secure you must use a multilayer security system that relies on more than just a long password.

Posted by: Gretchen Miller on May 26, 2009 10:41PM EST
I have heard of the biometric systems but I guess I didn't realize that if the thumbprint scan failed you could just type in a simple password and then it authenticates the system that quickly. Our hospital just adopted the policy last year of 7 word and two numerical passwords and it's a mandatory switch of passwords every 90 days or sooner if you wish. Before that I probably used the same password for more than 2 years. They are also really starting to limit the number of things that our employees have access to within our hospital within our mainframe and I think it is long overdue. Many associates were accessing things such as medical records that they shouldn't have been looking at.

Posted by: Clayton Chapman on May 27, 2009 2:29PM EST
I must admit that I'm guilty of writing down my passwords. Since most facilities use multiple software programs for multiple purposes, a single employee may have 3-4 different passwords. When you have to change each of those passwords every 90 days, it's easy to get them mixed up (especially when you add in your own pin codes for your bank, long distance number, personal email, etc.). The bio-system sounds very interesting in that it might make access much easier while ensuring appropriate security measures.

Posted by: William McConnell on May 29, 2009 3:02PM EST
Actually, proximity badges work pretty well for us. Each team member has a badge. When they approach a computer it automatically logs them on to that machine and then logs them off when they leave. It's reduced the password problem significantly.

Posted by: Wendy Rosher on June 14, 2009 4:56PM EST
We are currently implementing a single sign-on product for our physicians. This will streamline the password process for MDs trying to access the multiple systems that are in our enterprise. They will only have to have one password to enter the HIS, Electronic Medical Record, PACS etc. This is a preliminary step to installing the biometrics.
Whatever system is used for security, it is a good idea to have an outside vendor test security of data periodically to ensure that inappropriate attempts at access are denied.
