Every USB drive has a unique vendorid/productid. We can have a config
script that asks a user to enter the usb drive he wishes to use as a
hardware token password. The config script will make a note of it and
will put the vendor/product id in a config file

A auth module is written which logs in a user only if the drive is
inserted. Also there will be an accompanying kernel module which will
prevent any tasks of that user executing when the drive is not inserted
(addl security).

Along with this a cryptographic key is stored in the drive (encrypted by
a password). this key will be used to mount the users home directory
(which will be encrypted when unmounted).

Using this a user has 2 factor authentication .
1) What he has
2) What he knows