but we were doing something very similar to this new AOL security feature back in 1993 (maybe earlier, I worked there from 1991 to 1994) at IUPUI to log into the secure student database mainframe.
I had a credit-card-sized device (that happened to double as a 4-function calculator) that generated a response to a challenge from the mainframe that I then typed in. I can't remember if that came before or after my userid/password login...I think it was after.
It was actually very cool...in 1993. :)
[MUCH LATER (10/5 to be exact): I am more and more convinced that I was wrong about the sequence. As I revisit this, it occurs to me that it would have been fairly stupid to let you log in and THEN have to authenticate via the card. I'm pretty sure you logged into CICS and were presented with the challenge, then you responded, and then and only then were you prompted for userid/password. But it's been 10 years since I last did this, so if my memory is not so good about it, that's life :) ]
