Systems and methods for providing variable access authentication respond to the need of a hierarchical level of security, which may include the use of multiple physically unclonable functions (PUFs) and/or the distribution of a set of authentication keys with “don't care” states. Each of the multiple PUFs can drive a separate level of access control, while “don't care” states can be included in the authentication keys when the security risk levels are lower. These two methods can be implemented independently, or in a combination for higher levels of security. At one end of the embodiment the IT manager can have backdoor capabilities if a user forgot a password, on the other end access control to an Internet device needs to be extremely stringent when the user operates in unsafe territory.