As many have said, the weakest link in this chain of security is the Mog Station, not the console you use to play the game. With barely any effort you could wind up inadvertently giving away your account login info, be it through malware hidden in a download or a fake redirect site linked to in a phishing email. No PSN involved in any step of that. In fact, PSN's only involvement is as a verifier to prove you bought the PS3/4 version so that you can play on said consoles. Really, I'd call the PSN link more an unnecessary annoyance given XI didn't need anything like it, but to call it a 'layer of security' is an erroneous belief. The tokens are the only other layer of security beyond the strength of your password, and an external one at that. In order for someone to crack that, they first have to get the algorithm it uses to generate the passcode, and there isn't a single token out there, Square or otherwise, that gives out its algorithm for easy deciphering.