Schneier pointed out that the tokens will not stop the most common types of attacks. Tokens can work well in corporate environments but will be ineffective against much of today's crime since it relies on tricking users rather than beating passwords.
"Two-factor authentication doesn't solve anything. It won't work for remote authentication over the internet," he said.
"I predict that banks and other financial institutions will spend millions fitting their users with two-factor authentication tokens.
"Early adopters of this technology may very well experience a significant drop in fraud for a while as attackers move to easier targets, but in the end there will be a negligible drop in the amount of fraud and identity theft."
He lists two attacks, man-in-the-middle and Trojans, which would not be stopped by the use of tokens. In the first case a hacker sets up a fraudulent phishing website such as a bank log-in page where the victim inputs their log in details anyway, and with Trojans the hacker would log in with the user, token or no token.
Representatives of the British banking industry, police and the security industry met in January to discuss ways of fighting online fraud, including the introduction of tokens. Last year AOL launched a premium service for customers using the devices.
Microsoft announced yesterday that it is dropping passwords in favour of two-factor authentication.
Citrix claims Workspot has 'continued to mislead the market' and use Citrix-patented features
Using proven technology from wireless, coax and ADSL/VDSL communication
Touts crowding genuine fans out of the market, claims government
Users complain they haven't been able to access their accounts or withdraw money