“Steve Gibson, of SpinRite fame”:http://grc.com/ has come up with sort of a “super-simple variation on the little RSA keyfobs”:https://www.grc.com/ppp.htm where you instead carry around a little business card that you can print up yourself that has a bunch of possible second-factor entries you can use for auth.
The part that makes me laugh a bit is that it is–as you might expect if you remember the ads for SpinRite back in the day–a Windows .DLL coded in assembly.
John Graham-Cumming has “a C implementation of the scheme”:http://www.jgc.org/blog/2007/10/open-source-implementation-of-steve.html. He also has a three-letter domain name. Coincidence?