This way you need to know the password _and_ have the physical token in your hand to know the current key. On the downside, it's also a hassle to carry it around and use it (I have a couple of 'em for access to various supercomputers), so I wouldn't bother doing it for my own email, but if you're a public figure or otherwise sufficiently paranoid it might be worthwhile.
