Why not use a smart card? (Score 1)

Just a thought. If you really need 2-factor authentication, setup the reverse proxy (unless you can get TiVo to require SSL client-side authentication). Pick up a smart card and reader from http://www.cardstore.slb.com/. I recommend the CyberFlex E-gate for this as it will reduce you overall costs and give you MAXIMUM convenience. Once you get this all set up (you may want to visit the M.U.S.C.L.E. site if you're using Linux or Mac OS X or other un*x variants), go to your favorite free-cert provider like Thawte/Verisign. When you generate your keys, be certain to instruct your smart card to do the work. Next, configure your web-server (TiVO or Apache) to require client-side SSL authentication and specifically, your certificate. Viola! Two-factor authentication. In this case, your private key makes your smart card very unique (what you HAVE) and you should set a PIN on your smart card to protect it (what you KNOW). If you're really up for a project, add some biometric (what you ARE) card-authentication for 3-factor authentication.