What's wrong with a one time pad?
My bank in Norway issues a credit card sized list of one time keys and asks for a random one (never the same one twice) of those every time I log in in addition to my own password. If I don't have it with me I can ask for a key to be sent to my registered mobile. This seems reasonably secure to me, why would I need the extra expense of an RSA key generator? What extra security does it really provide?
Note the El Reg: can we have a question mark icon, sometimes we really do want an answer and aren't being sarcastic.