Bell Labs has developed a two part authentication system that seems to be very promising. It's actually 2 pieces of software, and it stores all of the user credentials on the network (software piece #1) instead of the client machine. The second piece of software resides on the client machines and is used to enter a username and password. It then sends a request to the network to retrieve the key, which resides in RAM instead of the hard drive. Bell originally developed this as a part of their 'Plan 9' OS (why they named it after a b-grade sci-fi flick I'll never understand), but are distributing it for free and say that it can easily be ported to unix, windows, linux and solaris. Read the article from eweek magazine or take a look at the download site.

eweek:
http://www.eweek.com/article2/0,3959,447880,00.asp

Bell Labs Plan 9:
http://cm.bell-labs.com/plan9dist/

EDIT: IF you can get your hands on the print edition, the article there is much more detailed than the online version.