LinuxQuestions.org
Linux - Security forum
Old 12-27-2014, 12:52 PM   #1
jkl123
LQ Newbie
Registered: Dec 2014
Posts: 5
online banking question
So I was recently reading this article http://www.cnet.com/news/false-secur...its-customers/ about two-factor authentication, and although I really didn't understand it, the article was suggesting that hardware tokens weren't secure. So this got me wondering what type of two-factor authentication is currently the safest. This website https://twofactorauth.org/ lists different websites and the methods of two-factor authentication they use. So between SMS, phone call, email, hardware tokens, and software implementation, which ones are the most secure?
 
Old 12-27-2014, 03:30 PM   #2
unSpawn
Moderator
Registered: May 2001
Posts: 29,415
Blog Entries: 55
Especially given your comments on Linux security here, I suggest you don't use the fact you don't understand the article as a shortcut to blithely jump to the million dollar question. Basic understanding of the SiteKey implementation, how Man-in-the-Middle (MITM) attacks subvert it and, more importantly, how human behaviour undermines authentication (neglecting to notice any discrepancies) is important. Next to that, anybody responding with "product X" (without properly explaining why) should be viewed as utterly suspicious.

Failing to do so would be like setting up a Claymore mine (or better: having some doofus set it up for you) without reading the cover notice and "just hoping you get it right". Well, there is a chance... Now, that you are invited to discuss things here is inherent to how fora like LQ work, but the responsibility to read, understand and make an informed decision should be yours and yours alone. So as far as CVE-2006-7199 goes, please read these:
https://www.schneier.com/blog/archiv...ailure_of.html
http://blog.washingtonpost.com/secur..._to_break.html

http://paranoia.dubfire.net/2007/04/...le-attack.html
http://paranoia.dubfire.net/2007/03/...s-sitekey.html
http://cr-labs.com/publications/SiteKey-20060718.pdf

and don't forget this one: http://www.usablesecurity.org/emperor/
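The relay that the post above refers to (an MITM forwarding the victim's username to the real site and echoing back the genuine SiteKey image, so the "site authentication" step passes and the password is captured anyway), as an added simulation that is not code from this thread, from the linked papers, or from any bank. The user table, image names, password, message shapes and the "careful"/"careless" user flag are all constructed here for illustration; the real scheme's wire format is not modelled.

```python
"""
SiteKey-style "site authentication" and the relaying man-in-the-middle
that defeats it.  Constructed simulation: the user table, image names,
password and message shapes are invented for illustration.
"""


class Bank:
    """The genuine site. It shows the user's pre-chosen image before
    asking for the password, so the user can 'verify' the site."""

    def __init__(self, users):
        self.users = users          # username -> {"image": ..., "password": ...}

    def image_for(self, username):
        # Phase 1: the site "proves itself" by showing the chosen image.
        return self.users.get(username, {}).get("image", "unknown-user.png")

    def login(self, username, password):
        # Phase 2: ordinary password check.
        return self.users.get(username, {}).get("password") == password


class StaticPhisher:
    """A copy-the-page phisher with no live connection to the bank.
    It cannot know Alice's image, so it shows a generic one."""

    def __init__(self, image="generic-lock.png"):
        self.image = image
        self.captured = []

    def image_for(self, username):
        return self.image

    def login(self, username, password):
        self.captured.append((username, password))
        return True                 # fake "login successful" page


class RelayPhisher:
    """The MITM that subverts SiteKey: every request is forwarded to the
    real bank and the real response is echoed back to the victim."""

    def __init__(self, real_bank):
        self.real = real_bank
        self.captured = []

    def image_for(self, username):
        # The attacker never needs to know the image; it asks the bank
        # on the victim's behalf and shows whatever comes back.
        return self.real.image_for(username)

    def login(self, username, password):
        self.captured.append((username, password))
        return self.real.login(username, password)


class User:
    """The client side of the exchange."""

    def __init__(self, username, password, expected_image, careful=True):
        self.username = username
        self.password = password
        self.expected_image = expected_image
        self.careful = careful      # does the user actually look at the image?

    def login_to(self, site):
        shown = site.image_for(self.username)
        if self.careful and shown != self.expected_image:
            return "aborted"        # discrepancy noticed, password withheld
        return "logged-in" if site.login(self.username, self.password) else "rejected"


def simulate():
    """Run the four cases the thread talks about and return what happened."""
    bank = Bank({"alice": {"image": "red-barn.png", "password": "hunter2"}})
    careful_alice = User("alice", "hunter2", "red-barn.png", careful=True)
    careless_alice = User("alice", "hunter2", "red-barn.png", careful=False)
    static = StaticPhisher()
    relay = RelayPhisher(bank)

    outcomes = {
        "direct": careful_alice.login_to(bank),
        "static_phish/careful": careful_alice.login_to(static),
        "static_phish/careless": careless_alice.login_to(static),
        "relay_phish/careful": careful_alice.login_to(relay),
    }
    return outcomes, static.captured, relay.captured


if __name__ == "__main__":
    outcomes, static_caught, relay_caught = simulate()
    for case, result in outcomes.items():
        print(f"{case:24s} {result}")
    print("static phisher captured:", static_caught)
    print("relay phisher captured: ", relay_caught)
```

Two of the four cases are the point: the careful user defeats the static phisher because the image is wrong, but the relaying phisher shows the correct image (it simply asked the real bank for it), so the same careful user proceeds and hands over the password. The careless user loses to even the static phisher, which is the human-behaviour failure the post singles out.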
 
Old 12-28-2014, 05:41 PM   #3
sundialsvcs
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,649
Blog Entries: 4
I think that the bottom line is that "neither personal-computers, nor (especially ...) phones and tablets, qualify as 'secure devices.'" Neither is the Internet a 'secure network.' (No, not even given the fact that individual conversations can, more or less, be secured. You cannot prove that there is not a man somewhere in the middle of the complete exchange.) These devices were designed to be appliances.

The only hardware-plus-software environment that would actually be appropriate for (especially ...) "online banking" does not exist yet. The technology that is required includes a truly-hardened computer, plus a "smart" credit-card with an onboard microprocessor, and a secure reader for that card which is installed into every phone, tablet, or computer. The notion of a "credit card number" must go away completely.

Ironically, I think that some of the novel cryptographic ideas that currently manifest in "bitcoin" just might play a part in all of this. The total requirement for credit-card processing necessarily must include both online and offline acceptance capability, and the exchange must remain secure even though an unscrupulous merchant (or, a data-thief working for him ...) will have access to the stored, not-yet-processed offline data. "Bitcoin" essentially introduces the notion (as I understand it ...) of completely-decentralized authentication. If this notion can be coupled with a cipher exchange protocol that is not computationally intractable ... indeed, that can be partly implemented on-board a smartcard ... then there are millions of dollars in well-deserved patent royalties to be earned by someone.
 
  

