Authenticator for iOS / Android

[Churchill]

The Security Token is nothing more than a way for SE to get more money. It doesn't actually provide additional security because in order to remove it, all you need to do is have the security code from the back of ANY token - not the token actually linked to the account.

If SE actually cared about account security, they would use a system such as this like Blizzard uses, but they do not. They care about getting an extra 20$.

[Gokulo]

The Security Token is nothing more than a way for SE to get more money. It doesn't actually provide additional security because in order to remove it, all you need to do is have the security code from the back of ANY token - not the token actually linked to the account.

If SE actually cared about account security, they would use a system such as this like Blizzard uses, but they do not. They care about getting an extra 20$.

Hmm, but don't you remove the token after logging on the account? Which would mean you still need to proper one.

[Elexia]

The Security Token is nothing more than a way for SE to get more money.

The company I work for uses them too, so clearly they're just a money grab. Clearly.

[Ingolf]

The company I work for uses them too, so clearly they're just a money grab. Clearly.

Not every security token system is built equally.

SE's security token system is painfully easy to remove, I'm hoping "The company you work for" doesn't have similar issues.

And yeah, I agree with an Android / iOS authenticator. More and more people are doing it.

[Elexia]

Not every security token system is built equally.

SE's security token system is painfully easy to remove, I'm hoping "The company you work for" doesn't have similar issues.

They use the same token (Vasco), it's easily removed on SE's end because people would bitch if it wasn't easy to remove. You should know that by now.

[Ingolf]

They use the same token (Vasco), it's easily removed on SE's end because people would bitch if it wasn't easy to remove. You should know that by now.

Hence: "Not every security token system is built equally.".

I'm aware a lot of organisations use Vasco security tokens, but the system behind it is down to the company using it.

It's a bad decision on SE's part, and goes against the fundamentals of the ideal behind a security token. (not that surprising seeing as it's XI and XIV)