Requiring two forms of remembered information are both the same type of authentication, and is at best, no stronger than a single password of the combined length. In practice, as at least one of the pieces of remembered information is often keyed by a prompt, the second password is generally much weaker if at all meaningful.