A method and apparatus for strong authentication and proximity-based access retention is presented. In this regard, an authentication agent is introduced to securely communicate with a key device associated with a user to identify the user, retrieve credentials for the user, securely communicate a session key to the key device, and identify the user who is requesting access to target resource(s) based on the user's credentials while the user's key device is proximate to the target resource(s).