Come on SE...

[Laraul]

A security token won't help if your computer has been compromised. All one would need to do a replace the FFXIV launcher with a bogus executable that looks identical but loads a bogus webpage that's indistinguishable from the real thing. It would always return "bad login" every time, and any user is going to re-enter their information multiple times. Once they have three separate security token numbers, they have enough to remove it. And then change your password and email as well.

If you aren't aware that the login application uses MSIE to display a javascript generated web-page. It's a secure page, but easy to fabricate a forgery and load it.

And if I'm logging in from the same location EVERY TIME why should I have to enter my dumb token each time too? No need for me to enter it again.

Also, requiring repeated password changes will just cause the user to start ignoring email alerts about your password being changed. So when it is actually hacked and the password has been changed by some unknown entity, they dismiss it. This is not good practice.