When online security is literally a roll of the dice, which dice do you use?

I like my workplace solution, at least for Windows login: my ID badge has a smart chip, and that plus a long PIN logs me in. Though I have to have 3 badges now: one for day-to-day stuff, one for my sysadmin server access, and now a new one for the old w2k3 stuff that has to stick around because the required software won't migrate, be it vendors going poof or vendors being lazy.

So you would have to steal the badge and know what random string of stuff I have memorized.
Though that still falls apart, as there is still some software and things like domain joins that are not smart card aware, and Linux isn’t there yet either. For Windows I can generate a temp random password for the few things that still require userid and password, or get an exception that is regularly checked.

Also, good two-factor gets ugly when you have a card/USB stick/RSA key fob for every bank, online site, email account, etc.

Bleah, it’s complicated.