Why aren't smart cards more popular? Is there even an API for web pages to make use of smart cards (I'm not a web developer)? I know yubikey, but I do not understand the concept. A simple smart card token should be sufficient (like the yubikey NEO).
I do not own a smart phone, but it would make sense to have smart cards built in, register your phone's public key to your service and use a challenge-response like authentication for second factor.
The basic functionality (SSL Client Certificates) is built in to all major browsers and servers. Enabling it up takes only a few hours and doesn't require any third-party software or hardware at all.
Actually getting your users to buy a smart card reader, find a card that has drivers for their browser/OS combination, buy that card, and spend half an hour setting it all up? Good luck with that.
