The first step most companies take is to implement a "converged" employee badge with both physical access to facilities and "logical" access to computers and networks on one ID card. The employee ID becomes a second authentication factor, in addition to the username and password, to access information systems. This is much more secure, because even if someone manages to steal a password they cannot access information without the ID. Windows 7/Vista/XP from Microsoft all support smart cards for logon security, email encryption and digital signature.
To take it to the next level, companies can also implement biometric access control. Biometrics are very convenient for users, because it replaces a PIN code. Fingerprint is the most popular biometric for access control. Smart card-based identity credentials or tokens are a good way to implement biometrics-based access control, because the biometric identifier can be securely stored in the card. This way the owner of the card always has the biometric information needed for access in their possession and is not dependent on any type of network access for it to work. You need a device to present the fingerprint biometric to doors, desktops and laptops . For PCs, this can be a separate USB device, or it can be integrated in keyboards, a mouse or a laptop. Windows 7 from Microsoft added built in support for biometric-based authentication using .NET smart card technology.
See also, What is biometrics?