I was poking at various Perl things to move kvance.com away from static HTML pages, and I thought of a crazy authentication scheme:
You have an account that stores your mobile number and your public key.
You go to the login page and request a one-time password.
You then whip out your mobile phone and start the password-receiving program.
The server sends you the password as a text message, encrypted to your public key.
The password-protected private key on your phone decrypts the one-time password for the website.
You enter that password into the login page. It can't be used again.
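As an added example (not code from the post or from kvance.com), here is the exchange above in Go with both halves: the server mints a one-time password, keeps only its hash, and encrypts it to the stored public key; the phone-side program decrypts it; the server then accepts the code exactly once. Everything the post does not specify is assumed here: RSA-OAEP with SHA-256 as the encryption, a five-minute code lifetime, hash-only storage on the server, the OAEP label, and the sample user names and phone numbers. The text message is modelled as the returned ciphertext bytes rather than being handed to a carrier.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base32"
	"errors"
	"fmt"
	"time"
)

// oaepLabel ties each ciphertext to this purpose. Assumed value, not from the post.
var oaepLabel = []byte("kvance-otp-login")

// Account is the server-side record the post describes: mobile number plus public key.
type Account struct {
	Mobile string
	PubKey *rsa.PublicKey
}

// pendingOTP is an issued, not-yet-used one-time password. Only its SHA-256 is
// stored, so a copy of the server database never contains a usable code.
type pendingOTP struct {
	hash    [32]byte
	expires time.Time
}

// Server holds accounts and at most one outstanding one-time password per user.
type Server struct {
	accounts map[string]Account
	pending  map[string]pendingOTP
	ttl      time.Duration
	now      func() time.Time // injectable clock so expiry can be exercised offline
}

func NewServer() *Server {
	return &Server{
		accounts: map[string]Account{},
		pending:  map[string]pendingOTP{},
		ttl:      5 * time.Minute, // assumed lifetime; the post gives none
		now:      time.Now,
	}
}

// Register stores the mobile number and public key that make up an account.
func (s *Server) Register(user, mobile string, pub *rsa.PublicKey) {
	s.accounts[user] = Account{Mobile: mobile, PubKey: pub}
}

// RequestOTP is the server's answer to "request a one-time password": mint a fresh
// random code, remember only its hash and expiry, and return the text-message body,
// which is the code encrypted with RSA-OAEP to the account's public key.
func (s *Server) RequestOTP(user string) (mobile string, sms []byte, err error) {
	acct, ok := s.accounts[user]
	if !ok {
		return "", nil, errors.New("unknown user")
	}
	raw := make([]byte, 10) // 80 random bits -> 16 base32 characters, typeable by hand
	if _, err := rand.Read(raw); err != nil {
		return "", nil, err
	}
	otp := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(raw)
	s.pending[user] = pendingOTP{hash: sha256.Sum256([]byte(otp)), expires: s.now().Add(s.ttl)}
	sms, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, acct.PubKey, []byte(otp), oaepLabel)
	if err != nil {
		return "", nil, err
	}
	return acct.Mobile, sms, nil
}

// DecryptSMS is the phone-side receiving program: the private key (which the post
// keeps password-protected on the handset) recovers the one-time password.
func DecryptSMS(priv *rsa.PrivateKey, sms []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sms, oaepLabel)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// Login checks the code typed into the login page. The outstanding code is
// discarded before it is checked, so it can be used at most once and a wrong
// guess burns it too: an online guesser gets one try per challenge.
func (s *Server) Login(user, otp string) error {
	p, ok := s.pending[user]
	if !ok {
		return errors.New("no outstanding one-time password")
	}
	delete(s.pending, user)
	if s.now().After(p.expires) {
		return errors.New("one-time password expired")
	}
	h := sha256.Sum256([]byte(otp))
	if subtle.ConstantTimeCompare(h[:], p.hash[:]) != 1 {
		return errors.New("wrong one-time password")
	}
	return nil
}

func main() {
	// Stand-alone walk-through of the whole exchange with constructed sample data.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	s := NewServer()
	s.Register("kvance", "+15555550123", &priv.PublicKey)

	mobile, sms, err := s.RequestOTP("kvance")
	if err != nil {
		panic(err)
	}
	fmt.Printf("text message to %s: %d bytes of ciphertext\n", mobile, len(sms))

	otp, err := DecryptSMS(priv, sms)
	if err != nil {
		panic(err)
	}
	fmt.Println("first login:", s.Login("kvance", otp))
	fmt.Println("replay:", s.Login("kvance", otp))
}
```

Run it with `go run`. Two points a deployment would have to settle that the post leaves open: Login deliberately consumes the code on a failed attempt, so guessing does not get unlimited tries against one challenge; and a 2048-bit RSA ciphertext is 256 bytes, which does not fit in a single 160-character text message even before any encoding, so the message would have to go as a concatenated SMS or use a shorter ciphertext.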
So keyloggers and network sniffers are foiled, and if the bad guy steals your private key (how?) and password, he also has to steal your phone to get the text message! Huh? Crazy? I am up much later than usual tonight :P