Quote Originally Posted by Syrokko View Post
This is a good idea...
But...
Cell phone connections are quite easily compromised when connected online.
The idea is to reduce risk by separating the authentication process. To compromise an account, you would have to compromise the pc AND the cell phone at the same time.

The probability of this happening is pretty low. The codes generated by the token/app are only valid once, and only for a duration of about 30 seconds after generation. Compromising the cell phone and stealing a code won't help you at all.

As for banking apps on mobile phones, there have been cases of them getting compromised already, mainly because the implementation of SSL/TLS was faulty, etc (see article here) So yes, security is an issue, if done wrong.