Let me ask something: do you use two-step authentication? Or is it too much hassle for the extra security? And to find a universal solution: in many cases (of the not-so-outspoken digital non-natives, and poorer families), mobile devices are shared between family members. Is there any good secure solution if you don't have a personal device, but only shared ones? Already, online banking is a pain since everyone has to go to the 'Auth Device Corner' to retrieve the shared device to make a transaction. It is not a satisfactory general solution.
One alternative may be the 'tan card' solution, a printable matrix of random characters (1 to 5 letters in each grid element) which can be copied and stuck in your wallet as well as at home, from which a random set of three grid elements is requested as the second step in authorization. Perhaps less geeky, but it does get around the 'but xy has the auth generator now' problem. And it's just as insecure as when someone stole your auth device – you can encrypt it with a simple cypher algorithm that you can mentally decode on the fly, if you want to 'password-protect' that piece of paper in case your wallet gets stolen.
Reshared post from +Jon Mallin
Twitter doing internal testing on a 2-Step authentication feature. 2-Step is the issue I raised earlier today when I learned that the AP was hacked. Of all sites I can think of, it would have made sense for Twitter to have implemented 2-Step by now.
(Wired's headline is an oversell of this story. Ironically, the post is written by Matt Honan, the writer who shared his tale of the "epic hack" he suffered.)
Twitter Now Has a Two-Step Solution | Threat Level | Wired.com
Twitter has a working two-step security solution undergoing internal testing before incrementally rolling it out to users, something it hopes to begin doing shortly, Wired has learned.
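The 'tan card' check described in the post above (a matrix of 1 to 5 random letters per cell, three cells requested per login), as an added Python example that is not part of the original post or of any bank's implementation. The 5x8 card size, the uppercase alphabet, the three-failure lockout, the single-use challenge and the names `generate_card` and `GridCardVerifier` are assumptions made for illustration.

```python
import hmac
import secrets
import string

_rng = secrets.SystemRandom()  # CSPRNG; the plain random module is predictable

def generate_card(rows=5, cols=8):
    """Build the printable matrix: each cell holds 1 to 5 random letters."""
    return {
        (r, c): "".join(secrets.choice(string.ascii_uppercase)
                        for _ in range(_rng.randint(1, 5)))
        for r in range(rows) for c in range(cols)
    }

class GridCardVerifier:
    """Server side: issues three-cell challenges and checks the answers."""

    def __init__(self, card, max_failures=3):  # lockout threshold is assumed
        self.card = card
        self.max_failures = max_failures
        self.failures = 0
        self.pending = None  # cells of the outstanding challenge, if any

    def challenge(self):
        # Lock the card after repeated failures so cells cannot be guessed one by one.
        if self.failures >= self.max_failures:
            raise PermissionError("card locked; issue a new card")
        self.pending = _rng.sample(sorted(self.card), 3)  # three distinct cells
        return self.pending

    def verify(self, answers):
        cells, self.pending = self.pending, None  # a challenge is single-use
        if cells is None or len(answers) != len(cells):
            self.failures += 1
            return False
        ok = True
        for cell, answer in zip(cells, answers):
            # Check every cell in constant time so timing does not show which one was wrong.
            ok &= hmac.compare_digest(self.card[cell].encode(),
                                      answer.strip().upper().encode())
        self.failures = 0 if ok else self.failures + 1
        return ok
```
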