Schneier pointed out that the tokens will not stop the most common types of attacks. Tokens can work well in corporate environments but will be ineffective against much of today's crime since it relies on tricking users rather than beating passwords.
"Two-factor authentication doesn't solve anything. It won't work for remote authentication over the internet," he said.
"I predict that banks and other financial institutions will spend millions fitting their users with two-factor authentication tokens.
"Early adopters of this technology may very well experience a significant drop in fraud for a while as attackers move to easier targets, but in the end there will be a negligible drop in the amount of fraud and identity theft."
He lists two attacks, man-in-the-middle and Trojans, which would not be stopped by the use of tokens. In the first case a hacker sets up a fraudulent phishing website such as a bank log-in page where the victim inputs their log in details anyway, and with Trojans the hacker would log in with the user, token or no token.
Representatives of the British banking industry, police and the security industry met in January to discuss ways of fighting online fraud, including the introduction of tokens. Last year AOL launched a premium service for customers using the devices.
Microsoft announced yesterday that it is dropping passwords in favour of two-factor authentication.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff