A practical decision system is developed for finding the adequate authentication level based on desirable security criteria and alternatives. Even though the notion of lightweight security is acknowledged, the process of determining when to use it instead of strong security is not well understood. The process of making such a decision can be very complex. By defining an overall security goal and a set of criteria with corresponding alternatives, the Analytic Hierarchy Process (AHP) is used to select the most suitable, preferred (and thus, adequate) authentication level, which is demonstrated by a realistic case study.