RSA Security that plugs into a USB port and works with my ID and password to authenticate me and my computer. They won't tell me how it works, but I figure it sends a fresh code to the other side every time I log in. Even if it is hacked, the hack would only work once.

Had it for years, and the early versions were reported to be hackable, but it's used by at least the government agency I work for, and probably others.

Or run through the laundry. Or forgotten at home, which you discover at your destination.
I had a card for logging on to my work computer. It was a PITA. And I still had to use a password, in case the card was stolen.
That sort of defeated the object of having the card in the first place.

I have an RSA token for logging in to my brokerage accounts. It can be a pain.

My work laptop has an RSA soft-token which accepts a PIN and generates a 10 digit code to connect to the VPN. When in the office, I only need my user name and password.

It's a good thing I can remember numbers better than names.

just awesome.

gotta say i'll be glad to see the password go but it won't be that easy. there will be a place for passwords as long as hackers (in the original sense of the word not the pejorative) use keyboards and command lines. it takes like two seconds to type it in doing ssh or sudo or whatnot.

my prediction is innovation in cryptography of the sort that can defy quantum computers. so nothing based on factoring. more likely combinations of crypto algorithms like we already see.

and it also doubles as a scroll bar in portrait mode. It also has a smart card slot which is basically the same thing that they are promoting here. Fujitsu has had them since 2005.

By two factor, I mean that of the three types of authentication you can do (show something you know, like a password, show something you have, like a key, or show something you are, like a fingerprint), you should provide two of them.

So instead of just a password, you use a password and a cryptographic dongle, like that RSA dongle. Or you use a password, and swipe your finger on the fingerprint reader. Your smartphone's useful as a key - for my Google account, when I log-in from a strange computer, I have to enter both my password and a code from the Google Authenticator app on my phone, which changes every minute. Or if you're only logging in from one PC, the system stores a cookie on that system, and can identify it that way, so your computer is your second factor.

That makes it harder to hack into your stuff.

Passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe. Google agrees. Along with many in the industry, it feels like passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe.

Thus they’re experimenting with new ways to replace the password, including a tiny Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register it with a single mouse click.