PayPal users will probably know this already but for some time now it has been possible to double-lock your PayPal account with an SMS Security Key, meaning that as well as having to give your email address and password to sign in you also have to type in a random 6-digit code sent to your mobile phone via SMS. This combination of something you know (your password) and something you have (your mobile phone) is intended to increase the security of the service.
I was initially rather sceptical that this would work, being under the impression that SMS is inherently unreliable, but it actually seems fine. OK, I'm not the world's biggest PayPal user - I probably sign in once a week at most - but, so far, I've not suffered lock-out because the SMS message with my 6-digit code in it didn't arrive quickly enough.
I'm surprised that more banks don't offer this feature for their online banking? (Actually, I don't use that many banks! But I can say that mine doesn't.)
I also noticed today that Amazon Web Services offer a similar multi-factor feature (which I think is reasonably recent), but using dedicated hardware rather than your mobile phone and SMS.
Finally, I note that MyOpenID.com offer CallVerifID, which will call your mobile when you try and sign in - though it is not currently available in the UK (because of the call costs).
All of which is largely anecdotal - I assume there are plently of other examples I could/should have cited, these just happen to be the ones I've noticed/used - but it strikes me that the use of the mobile phone as a second authentication device has some significant advantages (for the user at least) over a dedicated device. As Will McInnes noted at FOTE last week, we all keep our mobiles close to us pretty much all the time now anyway.