While this is overkill for logging in, this type of out of band authorisation is relevant for second factor authentication periodically, or for high value transactions.
A customer logs on as usual with her username and password (the first factor); at logon, the ClairMail system automatically sends a time-expiring, one-time-PIN (OTP) to the customer’s mobile phone (the second factor) and the customer enters the OTP while online to validate the session.
Source: ClairMail Delivers Major Breakthrough in Online Banking Security
Technorati tags: security, two+factor+authentication
Bankwatch 
One interesting thing being done by a bank in India (ICICIBank.com) is that at the back of the Debit Card issued for the account there is a lettered (A to P) grid with 2-digit numbers in each cell.
When attempting a third party transfer the website presents you with a few alphabets for which you must enter the corresponding 2 digit numbers to succesfully complete the payment.
For older debit cards (that don’t have the grid), it asks the customer to key 4 randomly chosen digits in the debit card no
The out-of-band message to the cell phone is hardly new, so I find ClairMail’s “breakthrough” statement dubious. Banks in the rest of the world — Australia especially — have been doing this for a while.
Shreepad, that’s interesting. I’ve heard about the “bingo card” approach many times, but I haven’t often seen it in practice.
Found MyPW a couple of weeks ago its pretty cool its a OneTime Password (OTP) service.
I got it working on my site within a few hours.
You should check it out its really cheap.
http://www.mypw.com