I have been waiting for years for a computer security company to pull their head out of their ass and make a security device that's easy to use and cheap. It has happened.
Most people use the same or similar passwords for all their online accounts. With this token there is almost no way anyone can guess your password, because it changes every time you use it. Every time you push the button on the key fob it displays a new random number. You use this random number as your password. Anyone trying to guess your password has exactly a 1 in 1,000,000 chance of getting it right. Add a password to this and the odds become fantastically high.
With a MyPW token you can access any MyPW-enabled service and thousands of OpenID-enabled web sites. Here is how it works.
When you log in to a MyPW-enabled website or one using OpenID, your password authentication request is redirected to a MyPW server. MyPW.com verifies your random number and returns a good or bad signal to the requesting process.
Let us say you have a Linux system at home and you'd like to access it from work. You know they monitor the office network. They could capture your network traffic and capture your password. You might even be using SSL to encrypt your data, but if you don't check the ID of the certificate you get back, you may be going through a company proxy and they are decrypting your traffic. This is legal because you are using their network.
Order your token, then install the MyPW PAM module. (I've had a little trouble getting this part done. You have to compile the code.) You then edit the file /etc/pam.d/xmlrpc.conf and add your ID and token info to the file. It will look like this.
mark mysite aslk1u401da2901 5999999 https://services.mypw.com/RPC2
After you compile and install the PAM module you'll need to sign up for our Free API access account and a Token or MyPW for your Mobile Phone. Now when you log in using this account, your server will use MyPW to verify your password (the random number). If anyone from your office tries to use the password, it will not work a second time.
I haven't ordered a token from MyPW yet. I will. I have ordered a PayPal token for $5 and I'm guessing they are the same. I'm hoping PayPal and services like them wouldn't require you to carry around a token for each web service you use. This is what OpenID is all about. In a perfect world, I should be able to use one token to access all my accounts. This could be done today if everyone used OpenID as their login.