The SecurID authentication mechanism consists of a "token" -- a piece of hardware assigned to a user that generates an authentication code every sixty seconds using a built-in clock and the card's ROM-encoded serial number. The hardware is designed to be tamper-resistant to deter reverse-engineering of the token.
A user authenticating to a network resource -- say, a dial-in server or a firewall -- needs to enter both a PIN number (something you know) and the number being displayed at that moment in time on her SecurID token (something you have). The server, which also has a real-time clock and a database of valid cards, computes what number the token is supposed to be showing at that moment in time, checks it against what the user entered, and makes the decision to allow or deny access.
While the SecurID system can add a layer of security to a network, difficulty can occur if the authentication server's clock becomes out of synch with the clock built in to the authentication tokens. Also, providing authentication tokens to everyone who might need to access a network resource can be expensive.
Other network authentication systems, such as S/Key, attempt to provide the "something you have" level of authentication without requiring a hardware token.