In the U.S., federal regulators
are now requiring banks to have at least two-factor authentication with
their websites by the end of 2006. The Federal Financial Institutions
Examination Council (made up of the FDIC - Federal Deposit Insurance
Corp, the U.S. Federal Reserve, the U.S. Comptroller the Currency, and
others) has very recently issued a press release as well as specific, non technology-specific guidance (PDF) on the need for two-factor authentication. It's an idea being sold to banks and the public as a way to address identity theft in a supposedly proactive manner.