I think your last statement mseller is totally viable. Look at mt. gox. they bypassed yubico altogether. In fact, for 500 bucks, you can buy one of their own USB things that can authenticate keys. A lot of the technical stuff is way over my head, but after reading their site, I think it would be quite feasible and easy to implement the yubikey here at SR. SR wouldn't even have to make it mandatory, just if you want to use 2 factor identification. If they wanted to be like mt. gox and control everything, they could, but I think it would be best if we could just purchase the yubikey from yubico as to protect our identity. I think it would just add one more layer of much needed security...