What a question!
Ok, so, does multi-factor authentication help? Yes. You can't intercept what's produced on your average bank card-reader without some serious technological wizardry (or a particularly well placed camera). So that login information can only be intercepted; the next time you come to authenticate, the token should be different.
However, and this is a big one. We are assuming (I think) that every communication with this remote service is monitored and that you do not re-authenticate for every given action. In which case, if it is possible to intercept and hijack that session, you will be able to do whatever the service allows.
That might include altering authentication credentials such as the password component. That will certainly lock you out of your remote service next time you come to log in to said remote service, but for repeated access the attacker requires that physical token or the algorithm it uses. We can safely assume they can acquire an appropriate card-reader, but unless they can acquire the card and the PIN, they won't be able to re-authenticate.
So, when the first factor is compromised, security then falls on the second factor, the physical number generator or whatever that is, and the security of the session in progress. Your bank probably has this covered too in all likelihood; if I want to make a payment, I also now have to authorise that with my card-reader, because whilst anyone could hijack my session, they won't have access to my physical card (in theory). The same, on my bank, goes for making credential changes. However, it is a different matter for your email account, say.
Let's consider other possible ideas too: the problem with biometric data is that it doesn't change over time. This means, like a password, once it is intercepted, it's valid forever. It's absolutely fine to use in place of a password; in fact, stored appropriately it might even be better, I'm not really sufficiently well read on the topic to say, but it has the same constantness that a password is likely to have.
So, basically, Douglass gets there. One-time passwords are a very good choice; in this case, what appear to be one-time passwords generated by a card reader based on input from a card protected by a PIN.
It is worth noting, however, that credit card security is an often-discussed topic on Light Blue Touchpaper, the Cambridge University Computer Security Lab, where the implementation security of Chip and PIN frequently comes under fire.
All in all, it's a balance game. To what extent do you think the controllers of this computer are likely to perform such an attack on you? To what extent is their ability to access your email or whatever a concern? There's an equation that says something like severity = likelihood x risk - evaluate concerns in that way and decide whether or not, for your particular circumstances, the risk is one you are willing to take.
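The per-action authorisation described in the answer above, sketched as an added example that is not part of the original post: a hijacked session can still do routine things, but a payment or credential change needs a fresh one-time code. The `Service` class, the action names and the binding of each code to the action text are assumptions made for illustration, not any bank's actual card-reader protocol.

```python
import hashlib
import hmac
import secrets
import struct

def one_time_code(key, counter, action):
    """6-digit code using RFC 4226 truncation, bound to counter and action text."""
    msg = struct.pack(">Q", counter) + hashlib.sha256(action.encode()).digest()
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"

class Service:
    """Hypothetical remote service: session token plus per-action codes."""
    SENSITIVE = {"pay", "change_password"}

    def __init__(self, key):
        self.key = key
        self.counter = 0        # lowest counter not yet spent
        self.sessions = set()

    def _verify(self, code, action, window=3):
        # Accept a small look-ahead window, then burn every counter up to the match.
        for c in range(self.counter, self.counter + window):
            if hmac.compare_digest(one_time_code(self.key, c, action), code):
                self.counter = c + 1
                return True
        return False

    def login(self, code):
        if not self._verify(code, "login"):
            return None
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token

    def perform(self, token, action, detail, code=None):
        if token not in self.sessions:
            return "denied: no session"
        if action in self.SENSITIVE and (
                code is None or not self._verify(code, f"{action}:{detail}")):
            return "denied: fresh code required"
        return f"ok: {action} {detail}"

KEY = b"constructed-demo-key"  # constructed sample secret shared with the token
```

An intercepted login code is spent once used, and a code generated for one payment is rejected for a different payee or amount because the action text is part of what gets hashed.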