Multi Factor Authentication

I would like to define a level 1 authenticator. In this example it will be a user password combination.

Only if the user succeeds at level 1 would it progress to level 2.

My level 2 authenticator could look for the existence of a cookie, certificate or valid client IP address. Any one of these items would be held in a data store that is related to the username that was presented in level 1. In the event that this item is missing, the user would be directed to a web page where he/she will need to answer more questions/identify images to prove that he/she is who they say they are. Only after the user passed this level 2 authenticator would they be allowed access to other systems.
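
The two-level flow described in the post, as an added Python example (not part of the original post). The per-user record layout, the function names and the `Result` states are assumptions made for illustration; the certificate fingerprint is assumed to come from a TLS layer that has already validated the client certificate.

```python
import hashlib, hmac, ipaddress, os
from enum import Enum

class Result(Enum):
    DENIED = "denied"        # level 1 failed: nothing else is evaluated
    CHALLENGE = "challenge"  # level 1 passed, no level 2 item matched: send to question page
    GRANTED = "granted"      # both levels passed

def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def make_user(password, device_tokens=(), cert_fingerprints=(), networks=(), answers=None):
    """Build the data-store record that ties level 2 items to one username (hypothetical layout)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw": _hash(password, salt),
            "tokens": {hashlib.sha256(t.encode()).digest() for t in device_tokens},
            "certs": set(cert_fingerprints),
            "nets": [ipaddress.ip_network(n) for n in networks],
            "answers": {q: _hash(a.strip().lower(), salt) for q, a in (answers or {}).items()}}

def level1(store, username, password):
    user = store.get(username)
    # Hash even for unknown usernames so response time does not reveal which accounts exist.
    salt = user["salt"] if user else b"\0" * 16
    candidate = _hash(password, salt)
    return user is not None and hmac.compare_digest(candidate, user["pw"])

def level2(user, cookie=None, cert_fp=None, client_ip=None):
    """Any one item registered for this username satisfies level 2."""
    if cookie and hashlib.sha256(cookie.encode()).digest() in user["tokens"]:
        return True
    if cert_fp and cert_fp in user["certs"]:
        return True
    if client_ip:
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in user["nets"])
    return False

def authenticate(store, username, password, **ctx):
    if not level1(store, username, password):
        return Result.DENIED
    return Result.GRANTED if level2(store[username], **ctx) else Result.CHALLENGE

def answer_challenge(user, responses):
    """Fallback page: every stored question must be answered correctly."""
    return bool(user["answers"]) and all(
        hmac.compare_digest(_hash(responses.get(q, "").strip().lower(), user["salt"]), h)
        for q, h in user["answers"].items())
```

Level 2 items are looked up only in the record of the username that passed level 1, so a cookie or certificate registered to one account cannot satisfy level 2 for another.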