While at the N+I show in Tokyo I got given one of the funny little RSA SecurID for Microsoft Windows tokens. Every 60 seconds it generates a new 6 digit number, but as far as I can tell from their website there is absolutely nothing I can do with this freebie.
Perhaps more amusingly, on the rear of the token there is a URL to go to if you find one of these tokens somewhere. That is an old URL, but it does redirect automatically to the new page. There they tell you that if you found it in your office, and your employer uses the tokens, return it to your IT department. If you find it in a public place, or at the office and your employer does not use them, then hand it in. If it is not claimed within a week destroy it!
A final thought… I wonder why people are so interested in making it difficult to login to ‘doze boxes, when there are so many flaws in the OS and the most commonly used MS apps, that really most attackers have no need to login; they just have to wait for the authorised user to do so, and then take over the machine remotely.