For people wishing they could use this for banking, this sort of device cannot prevent a complete MITM attack. Bruce Schneier is fond of saying that the server must validate the *transaction*, not the user. Yubikey can't do that because it can't incorporate any transaction info in the generated output.
The problem with doing that is form factor. The most convenient I have read about so far is the EMUE card -- haven't seen it in action anywhere, but it looks nice, and I'm sure there are others like it.