given the nature of the work the system shouldn't be comprisable if a picture of a password gets out, which is suggested in this case. (the fact that it was written down suggests other failings, yes, in all sorts of areas.) your objections (cost, usability, etc), in this case, are pretty weak when you consider the sensitivity of the assets being protected.
soft token-based two factor auth is a growing commodity. key-based auth is commonplace now, and is recognized as strong. finally USB-tokens are also COTS at this point. given that a major government agency which supposedly knows a lot about security got hosed by this, i would expect the market to lag, not lead, security practices.
while my job in infosec isn't related to AAA i know that better stuff exists and that it's in budget and applicable here. i offered some ideas, you offer up criticisms, but i'm still wondering how no one had spoken up about the crappiness of it being 2012 and we still rely on passwords.
just a few days ago this link was posted here:
and also this one from wired:
given all the breaches in the past 2 years by lulzsec and relatives you'd expect a bigger outcry here. nope, not yet.
you honestly think this is the best we have? i sure don't.
here's some (i imagine) better COTS stuff out there: http://www.yubico.com/products/yubikey-hardware/yubikey/