Companies could decide to greatly reduce the number of employees with remote access to the network. They could restrict most employees to remotely access only their e-mail through a Web application. It simply may be too expensive to grant remote network access as a default privilege. But employees not being able to get to their files on the network may result in lost productivity.

Banks could start charging customers to use online banking to pay for the increased administrative costs of two-factor authentication. Customers would probably welcome this as much as they did the chance to pay ATM fees. The result could be fewer online banking customers.

Some privacy and security leaders say it's time to take another look at the situation. They're asking two main questions:

-- What risks are we actually trying to mitigate with these new regulations?

-- Are there other ways, besides traditional two-factor authentication, to combat these risks?