At the moment I have implemented support for Yubikey (http://yubico.com/products/yubikey/). It does not offer all the same functions as Umikey, but all you need to pay for is the hardware itself. Yubico provides a validation API that is free to use, and open source libraries to interact with the API. I used 10 minutes to fully integrate Yubikey support in my application.
Originally Posted by mannyer
The users also have an option to recieve a one time password in a GPG signed email. This email also contains information that will help protecting against man in the middle attacks (if the user is educated).