We're way ahead of you guys ;)

On Mon, Feb 2, 2015 at 6:54 PM, Martin Habovštiak <martin.habovstiak@gmail.com> wrote:
Good idea. I think this could be even better:

instead of using third party, send partially signed TX from computer
to smartphone. In case, you are paranoid, make 3oo5 address made of
two cold storage keys, one on desktop/laptop, one on smartphone, one
using third party.

https://www.bitcoinauthenticator.org/      - does this already, currently in alpha
 
> It should be possible to use multisig wallets to protect against malware.  For example, a user could generate a wallet with 3 keys and require a transaction that has been signed by 2 of those keys.  One key is placed in cold storage and anther sent to a third-party.

BitGo, CryptoCorp and (slight variant) GreenAddress all offer this model.