Quote Originally Posted by Packetdancer View Post
It's no worse than half of the other software security tokens out there, but neither is it any better.

That said, I'm very tired of companies making their own variant two-factor code; I would vastly prefer they used the standard TOTP (RFC 6238) or HOTP (RFC 4226) authentication. That way you could use anything that supported those standards. Be it things like Token2 hardware tokens, or Google's Authenticator software, or ecoystems like Authy or 1Password. Then I could stop having like five different custom authenticators installed on my phone for different systems.

(Especially since I cannot see any appreciable security benefit to SquareEnix's OTP implementation, versus TOTP or HOTP.)
I mean, SE has had theirs out for 11 years now.
Why change what works? Seems to be SE's policy on many things.