In one embodiment, a method includes receiving, for a user, first user authentication information for a first authentication method and receiving, for the user, second user authentication information for a second authentication method. The second authentication method is different from the first authentication method. Upon authenticating the first user authentication information and the second user authentication information, the method moves a subset of data stored on a back-end storage device to a front-end storage device. The front-end storage device is directly connected to the user via a network and the back-end storage device not being directly connected to the network. The method then allows access to the subset of data for a period of time, wherein after the period of time expires, the subset of data is removed from the front-end storage device.