Banks are starting to use two-factor authentication for internet banking. One increasingly popular method, used for years by people like RSA (they call it SecurID) to protect corporate intranet logins, is to have a small hardware key fob with an LCD screen whose digits change every sixty seconds. For those who’ve never seen them, they are based on a seed value and an algorithm, like a random number generator, which takes the seed and produces a pseudo-random sequence. When logging in, you need to enter both your password and the current sequence of digits as displayed on the device’s LCD; the server also knows the seed and computes the correct value in the sequence to check against the one you submitted.
The obvious problem this is going to lead to is that people with several of these logins are going to have to carry several key fobs. With each one needing to be big enough to fit an 8- or 10-digit LCD screen, that’s going to get bulky very quickly.
So, why don’t the banks get together and figure out a simple open standard, whereby you could make a widget with a screen into which you could plug five or ten tiny, half-matchstick-sized “pins”, one for each account? These would be like tiny SIM cards, and would contain the sequence-generation seed which matched the one on the bank’s servers. The widget would let you select which pin’s sequence to display, when you were logging in to that particular service. So your five or ten login widgets would collapse into one.
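The seed-plus-clock scheme from the first paragraph and the multi-pin widget proposed in the last one, sketched as an added example that is not from the original post. It uses the open HOTP/TOTP construction (RFC 4226/6238) as a stand-in, since the post names no algorithm and this is not RSA's; `Widget`, the slot names and both seeds are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, as on the fobs described above
DIGITS = 8   # display width; the post mentions 8 or 10 digits


def code_at(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Code for the time step containing unix_time (RFC 6238 style)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Widget:
    """Hypothetical multi-pin display: one seed per plugged-in pin."""

    def __init__(self) -> None:
        self._pins = {}

    def plug(self, slot: str, seed: bytes) -> None:
        self._pins[slot] = seed

    def display(self, slot: str, now: int) -> str:
        return code_at(self._pins[slot], now)


def server_verify(seed: bytes, submitted: str, now: int, drift_steps: int = 1) -> bool:
    """Server side: recompute from its own copy of the seed, allowing small clock drift."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = code_at(seed, now + delta * STEP)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Constructed sample seeds; real ones would be random and provisioned per bank.
SEED_BANK_A = b"12345678901234567890"
SEED_BANK_B = b"constructed-seed-for-bank-B!"

widget = Widget()
widget.plug("bank_a", SEED_BANK_A)
widget.plug("bank_b", SEED_BANK_B)
```

Each bank's server only ever checks against its own seed, so a code read from one pin is useless at another bank even though both come from the same widget.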