@wkempf: Right, it really only works for keeping your password off the wire, but the session can still be hijacked, etc.

Are you thinking like an RSA fob or something?