In many cases, websites would like to authenticate their users with something in addition to (or instead of) a password. This can be done as a method to prevent phishing, but also to reduce the chance of someone manually hacking into a user's account. However the usability of some approaches in this area are poor. This document attempts to describe how usability and portability can be improved