I'm a huge fan of two-factor authentication, and it's one of those ideas that's been banging 'round my head for the past little while. It's a neat idea and works well in practice because people have always got their phones on them. SMS 2-factor auth still has one annoying barrier, and that is relying on cell phone networks to deliver the token. I hate that. I much prefer HOTP (or even better, TOTP), where all I have to do is register the secret once on my phone, and I can use it to derive the token anywhere, even in places where I don't have signal (which annoyingly, happens a lot).