MailChimp just had an interesting blog post about the new authentication system from AlterEgo that they have started using.
But what I found most interesting about the article is the study they made of leaked passwords. Using a file that was hacked from a blog network and posted online, they discovered that 25000 accounts on their service matched the e-mail. Out of those, 7000 used the same password – a much larger amount than they expected. And certainly much more than I did.
While AlterEgo's system is much less secure than RSA token, it is free and adds some security.