Abstract Small and medium sized businesses cannot afford the luxury of purchasing expensive token-based two-factor authentication products, so they rely mostly on user names and passwords as methods for remote access security. The reliance on user names and passwords as methods of security is a weak strategy; therefore small and medium-sized businesses need to add an extra layer of security in order to strengthen their security stance. This research study is based on an experiment performed for an accounting firm to introduce two-factor authentication based on the PhoneFactor technology solution. PhoneFactor is a cost-effective and viable product that provides the added layer of security by using the telephone system as a second-factor of authentication.