You can use various types of authentication to be compliant with regulation and strong authentication requirements, such as:
Soft tokens are really interesting, because everybody has a phone that should be able to host this type of application.
PKI, based on a smart card (ISO card) or USB stick
SMS is also common as a backup solution for strong authentication
RFID combined with a PIN or password is also interesting, because you can use existing physical access badges for this type of authentication