[counthomer]

Actually neither of these are prevented - as I pointed out in my initial post. As stated, joy riding is nearly always the result of someone leaving themselves logged on, or is someone known to the player (to the extent it is nearly always semi-innocent) and the result of someone not realising what their friend was doing on their account (with their tacit permission). Key fobs are therefore not even in the equation.

If it is a malicious hack attempt then I could easily get around the key fob security, and your rationale that it would save man hours and infrastructure is inaccurate when you consider the support, infrastructure and deployment requirements of two factor authentication. If you don't believe me, then consider why most online banks (who use these systems in house) don't extend them to their customers.

Your argument on the experience of 2+2ers is noted, but it is a overly generic assumption. A good poker site will always recover the money as their systems and procedures will always prevent money leaving the system where real theft has occurred. My guess is that you are referring to joy riding, in which case the general view of the sites on that the player involved caused the problem. This may sound harsh, but ultimately the players have to take some responsibility for the security of their accounts.

Paypal is the wrong comparison to draw here - if someone hacks a paypal account they can move money out of the reach of paypal within seconds. Paypal is therefore even more insecure than an online bank in this regard.

In short this is not a solid and reliable solution in any way - there are few (if any) benefits from a security perspective and many problems in implemenation and support.