Setting aside the fact that smartcards and other cryptographic devices constitute "two factor" authentication, the term is often used to refer to a large class of personal authentication devices that generate a pass phrase or other login code, used to access online resources. There are three important sub-classes:

Time Syncronised One Time Password: every thirty seconds or so, the device generates a fresh pseudo random one time password. The pseudo random number generator is seeded uniquely for each specific device.

Read more