@wkempf: Indeed. Once you add a third party device, the amount of effort people are willing to go to diminishes drastically. Right out of the gate, you'd need to provide phone apps for as many platforms as possible or at least WP, iOS, and Android. Then there's the problem of making sure that a malicious app on the device couldn't compromise the authentication app in some way.