The OpenID Foundation recently announced that a significant chunk of the premier-league heavyweight tech companies (Microsoft, Google, IBM, VeriSign and Yahoo) were joining its board. This follows hot on the heels of Yahoo's and Google's initial implementations, which in theory mean that all of their current account holders either have, or can fairly easily get, an OpenID-compliant authenticator. There's a long way to go before OpenID-based authentication actually becomes mainstream, but these announcements mean that OpenID's chances of succeeding are a lot better than they used to be.
A number of us have been wondering when we would start to see a viable hardware-based authenticator that would work with OpenID. Now at least one vendor has begun to do just that and is selling what appears to be a simple-to-get and simple-to-use hardware token for OpenID. This could be the start of the really interesting stuff. OpenID on its own does little to resolve phishing-style attacks and is no improvement at all over standard username/password authentication in situations where the network is possibly compromised. OpenID tied to CardSpace/InfoCard closes these holes reasonably effectively, but both are still quite fragile (in my experience), somewhat tied to specific platforms, and hot portability is a bit of a problem (it's definitely high-risk behaviour when it involves untrusted local hardware).
This type of hardware-based authenticator could, if implemented correctly, solve many of the shortcomings listed above. It should share CardSpace/InfoCard's protections against DNS hijacking and Evil Twin style network interception attacks, and against hash table attacks on intercepted authentication sessions. In addition, it should be portable enough that you could use it on any and all systems of your choosing, and it should be very resistant to local interception and snooping, so that you could possibly use it safely on totally untrusted local hardware such as PCs in Internet cafés.
I also believe that hardware authenticators are likely to be perceived by the public as much more trustworthy than software solutions, even in situations where both are technically equivalent. This is only based on personal anecdotal evidence, but my experience with users of hardware-based authentication tokens in the past has been that people trust them far more than software solutions that are technically more robust, and continue to do so even when the weaknesses of the system are demonstrated.
Of course, a lot depends on how well designed the specific hardware implementation actually is. For my part, I've ordered one of TrustBearer's USB key devices so I can see whether it does deal with these things properly. I'll be posting some more on this once I've had a chance to put it through the wringer a bit.