Please delete this account 11/2/2014

Given, it could be made workable as per your lines, 1st, safe encryption key storage at the user's end is another problem after successful elimination of storage within php file or server end. So, on safe storage and unique encryption key under physical key storage within a connectable piece of hardware, a usb dongle kit along with php logon script with dongle online registration feature inside had been purchased at our end years ago and it worked fine, say, PLUG-AND-PLAY, inserting the USB dongle into the USB port launched automatic logon procedure, pulling the dongle out of the USB port had been ending the logon. Safest method so far seen by us, yet, problem at that time to make the very next step to bundle the logon php script with PHPRunner that way, a second login procedure into the PHPRunner appliance could not really hit the minds of the dongle software developers at all. Asking others, they told us to be stupid to believe a safe system can be created by dongle usage while, as per the makers, the burned code inside the circuit of the dongle is turned 30 times until final logon one while 5 to 6 times is already to be safe encryption. While homebanking institutions and lots of other organizations had been struggling in vain to find secure methods to identify a bank client to be the very and only entitled one, your posting is coming near to a worldwide demanded safe access solution, if not to say, a very hot and tremendously valuable web technology cake (once such safe solution would be finally up and running). Finally, either entering an encrypted or non-encrypted string into a logon screen, fact remains that the system must find a key counterpart to properly run the identification process inside the system and if such key counterpart is not stored within the php file or server environment, we can't see any success to get such idea from your end to get realized, web technically speaking.
There always must be TWO places where the key is stored, with the user to run login and within the system to properly identify the user's access right. And to connect down to "user can only edit his own entered custom encrypted data" would finally be the next hurdle to take or say, it would require assistance at all ends by product developers while the question remains whether or not it would make sense to them to bring up the motivation level to "turn it on ..." to a higher scale.

nti author 11/2/2014

Thanks for reply, the usb idea has merit. "user can only edit his own entered custom encrypted data"

Sergey Kornilov admin 11/3/2014

While technically this is possible I believe this is a terrible idea. The technical implementation would involve user entering both password and encryption key. Password is required to authenticate the user while encryption key is used to encrypt/decrypt data.
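
The split described in the post above, as an added example that is not part of the original thread and not PHPRunner code: the password is checked against a stored hash, while a separate user-typed passphrase is turned into an AES key that the server never stores. The function names, the choice of PBKDF2 and AES-256-GCM, the iteration count and all sample values are assumptions made for this sketch.

```php
<?php
// Added example, not PHPRunner code. All names and sample values are constructed.

// Registration: the server stores only a password hash and a random KDF salt.
// The user's encryption passphrase is never written to disk.
function register_user(string $password): array {
    return [
        'pw_hash'  => password_hash($password, PASSWORD_DEFAULT),
        'kdf_salt' => random_bytes(16),
    ];
}

// Derive a 256-bit AES key from the passphrase the user types at login.
function derive_key(string $passphrase, string $salt): string {
    return hash_pbkdf2('sha256', $passphrase, $salt, 600000, 32, true);
}

// Output layout: base64(12-byte nonce || 16-byte GCM tag || ciphertext).
function encrypt_field(string $plaintext, string $key): string {
    $iv = random_bytes(12); // fresh nonce for every stored value
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

// Returns null when the key is wrong or the stored value was modified:
// the GCM tag check fails, so no key counterpart has to be kept server-side.
function decrypt_field(string $stored, string $key): ?string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                          substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt;
}

// Constructed walk-through: authenticate first, then derive the data key.
$user = register_user('login-password');
var_dump(password_verify('login-password', $user['pw_hash']));
$key    = derive_key('separate data passphrase', $user['kdf_salt']);
$stored = encrypt_field('account note', $key);
var_dump(decrypt_field($stored, $key));
var_dump(decrypt_field($stored, derive_key('wrong passphrase', $user['kdf_salt'])));
```

With this layout a lost passphrase means the encrypted fields cannot be recovered by anyone, including the administrator.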

nti author 11/6/2014
RSA tokens or activation code via SMS.