[davb]

None of my personal accounts in the UK use two factor authentication. Same goes for the majority of friends and family.

Only one (former) account ever done this, and it was own used when adding a new payee records. It used EMV CAP (http://en.wikipedia.org/wiki/Chip_Authentication_Program) with a separate smartcard (not my EMV compliant debit card).

All of my business accounts offer two factor authentication, recently shifting from SecurID-style TOTP tokens to EMV CAP authenticators.

[72deluxe]

Barclays bank uses two-factor authentication for logging into their online banking (using your card, so that you have to enter you PIN for your card on the little authentication machine to get a code to log in), although you can also set up a PIN to log in without it (I haven't bothered - it's safer not to, right?!). You also need your membership number and a memorable word AND a number as far as I can remember (I do it automatically now)

They also require this authentication step to be carried out for sending money to someone else online for the first time. They also require you to enter your PIN against your card using the same mechanism when you go into a branch, as they cannot access details about your account without you doing it. I suspect it stopped people mugging others and they walking as saying "Can I withdraw £100 on this account here please?" with the card they'd just pinched.

The Barclays one is called PINSentry and they've had it for nearly 10 years I think? My device still hasn't ran out of battery (it gets switched on when you insert your card).

My wife is with Natwest I think and she needs the little card device for setting up new payments but logging in does not need it.