While radius supports two-factor authentication, it's pretty hard to reach that through HTTP authentication. You'd have to do a lot more work to enable the collection of the second credential. RSA Time-based SecurID is generally single-factor token based authentication. (And given the number of glaring manufacturing/process problems with it over the years, I wouldn't use SecureID)