This is great article explaining the exact problem Validian's last PR addresses http://www.infosecurity-magazine.com/news/twofactor-authentication-set-to/?utm_source=twitterfeed&utm_medium=twitter