I've been using an extranet site recently that calls you, using Twilio or something I guess. They have my mobile phone number.
You enter your username and password on the web form and your phone rings a couple of seconds later. You are asked by a recording to type in your PIN. When you do, the HTTP request is completed and you are logged in.
It's very easy as a user, and seems quite secure. The username/password/PIN are all quite weak and easy to remember, but in conjunction with the phone call, it's fairly strong.
You enter your username and password on the web form and your phone rings a couple of seconds later. You are asked by a recording to type in your PIN. When you do, the HTTP request is completed and you are logged in.
It's very easy as a user, and seems quite secure. The username/password/PIN are all quite weak and easy to remember, but in conjunction with the phone call, it's fairly strong.