If you’re nobody special like me, you probably “only” get a few thousand failed SSH logins to your computer each day. If you run a high profile system, it’s probably worse. Of course you have a good password for your account (right?), but should someone actually get your password, like with a keystroke logger on the remote computer you’re using to log in, what protection do you have then?
Two factor authentication can increase your security by requiring more than just your password (one factor) to log in. I like using Perfect Paper Passwords from Gibson Research Corporation (GRC.com). With this system after entering my username and password (even a wrong password) in an SSH session, I am then prompted for a four-digit passcode that I’ve previously printed out and stashed in my wallet. Each code is only used one time, and protects me even if someone manages to get my password. In the case where attackers are guessing my password, they cannot tell if the password or passcode was guessed incorrectly.
There’s only a little bit of trickery involved to compile it for Mac OS X 10.6 Snow Leopard, and if you had it working before in Leopard, you’ll need to recompile the PAM module (I know, it’s like “ATM machine”) for 64-bit mode.