Blonde password
#16
    Originally posted by VJ:
    So basically, any single byte password less than 16 characters can be discovered from the passwordfile? (ok, there is not a 1-1 relation, but one could log on)
Google ophcrack, I used to carry it on a linux usb key.
There's even a live cd now ++
Chuck
秋音的爸爸


#17
That sounds like the "gizmo" that I mentioned for the Cyprus bank (made in China!!!!). I can't believe that is ultra-secure with just 6 numeric digits.

The Swiss bank is apparently more secure (made in Germany). I enter initially my "contract #" (8 numeric digits) in a 256-bit encoder to start the procedure. I then insert a personal "smart card" into a device that looks like a pocket calculator and type in my 6-digit PIN number. By this time, the computer screen comes with a different 6-figure number, which I then type into the calculator and it then displays an 8 character alphanumeric code (one-off), this being the account access PIN, which I have to type into the computer keyboard. I'm told that each client has a different calculation algorithm that is programmed into his smart card. I've experimented and the first PIN is fixed to access only the smart card in any "calculator". Any mistype into either the calculator or the computer at any stage will block the system with a displayed "ERROR", only 2 errors permitted, the third one completely blocking account access. Because the final PIN is not calculated in the computer, no Trojan etc. can access the calculation. See http://www.kobil.com/products/smart-...echnology.html
Brian (the devil incarnate)


#18
    Originally posted by Brian Ellis:
    That sounds like the "gizmo" that I mentioned for the Cyprus bank (made in China!!!!). I can't believe that is ultra-secure with just 6 numeric digits.
It doesn't have to be secure, it changes randomly every 30 seconds.
6 digits gives it a 1 (or 2) in 999,999 chance of a correct guess.
Plus you have to know the password to start with.
That's plenty secure.

Add to that the fact that my function is purely as an administrator, not functional.
That means that my password is expired and account locked due to lack of use 99.99% of the time.

See: http://en.wikipedia.org/wiki/Hardware_token
Our old tokens are the third picture down. They have been replaced with newer designs.
Last edited by cjolley; 22 December 2009, 09:39.
Chuck
秋音的爸爸


#19
Those would be RSA Timer Tokens...

And while they are very good for security, they can be lost or commandeered. Of course, they'd have to get the PIN number out of the user as well for it to be useful.

When you go much past this level of security, you start getting into the "expert system" challenge scheme, where the security server might ask one (or more) questions from among dozens about you (supplied by you previously on enrollment). These systems are very hard to crack, and can be riddled with duress codes quite easily, so even a coerced user can safely alert the system to a problem.
Hey, Donny! We got us a German who wants to die for his country... Oblige him. - Lt. Aldo Raine
