BeamAuth is a two-factor web authentication technique that requires no browser extension or physical token. The second factor is provided by a specially crafted bookmark that contains a cryptographic token in the fragment identifier:
JavaScript code at the login URL reads the token, clears it from the address bar, and uses it in combination with the user's password to log in. Both the token and the password are required to log in, and the token is particularly difficult to phish.