HowToGeek posted a great explanation (with screenshots) of how to use Google's two-factor authentication on a Linux system.
How to Secure SSH with Google Authenticator's Two-Factor Authentication
If you use FreeBSD there are packages that install the same PAM module:
portinstall -P security/pam_google_authenticator
Some nice features:
- It is time-dependent. It does not rely on Google servers, and you don't have to set up a server either.
- There are iPhone and Android apps. Both are open source so you can independently verify their security.
- It is a PAM module, so it works with everything. It is also open source, thus can be independently verified.
- When you configure a user it prints a URL to a QR code that you can visit with your phone; no need to manually enter the key.
- When you configure a user it prints 5 "emergency scratch codes". Print them, keep them in your wallet. If you lose your phone you can log in with those.
- The "google-authenticator" utility is easy to integrate into installation scripts. It has a non-interactive mode ("-f").
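The first feature in the list (codes depend only on the clock and a shared key, so no server is involved) is easiest to see in the RFC 6238 time-based one-time password computation that the Google Authenticator apps and PAM module use. This is an added example, not code from the HowToGeek article or the PAM module; the function names, the one-step acceptance window and the replay check are assumptions for illustration, and the key is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time

def totp(secret_b32, at_time=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at a given Unix time."""
    if at_time is None:
        at_time = time.time()
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)  # keys are often shown unpadded
    key = base64.b32decode(padded, casefold=True)
    counter = struct.pack(">Q", int(at_time) // step)    # 30-second time step as 8 bytes
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, at_time, used_steps, window=1, step=30):
    """Accept a code within +/- window time steps; refuse a step already used."""
    current = int(at_time) // step
    for s in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, s * step, step)
        if hmac.compare_digest(expected, code):          # constant-time comparison
            if s in used_steps:
                return False                             # replayed code
            used_steps.add(s)
            return True
    return False

# Constructed sample: the published RFC 6238 test key, not a real secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = time.time()
    used = set()
    code = totp(SAMPLE_SECRET, now)
    print("code:", code)
    print("first use accepted:", verify(SAMPLE_SECRET, code, now, used))
    print("replay accepted:", verify(SAMPLE_SECRET, code, now, used))
```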
Enjoy!