Recent advances in smart grid technologies have enabled additional distributed control paradigms that allow more efficient and reliable operation. However, this creates new security concerns for the grid, such as attackers using spoofed grid control devices to generate false measurements. This paper introduces a two-factor authentication protocol leveraging standard public-key cryptography as one authentication factor and a hardware-based fingerprint, known as a Physical Unclonable Function, as a second authentication factor. This protocol incurs a small overhead and prevents cyber-attacks even when an adversary is able to compromise the cryptographic keys stored in the non-volatile memory of an intelligent control device.