Good point about cell phones. I suppose it would be ideal if people didn’t have to carry yet another device to get two-factor authentication

The problem, though, is that as more organizations go to two-factor, the number of physical tokens will start to increase beyond reason.

One alternative solution is to use mobile phones for the second factor authentication; we just launched a product that does that (linked above). People already have their phones anyway, so at least it avoids Yet Another Token.