This is now out. Go here for instructions and screenshots and stuff:
http://eu.square-enix.com/en/seaccount/otp/token.htmlYou can't use both the token and the app. If you currently use the token, you need to unregister it before you can register to use the phone app.
It doesn't say so on the page, but I seem to recall that if you unregister a security token it can never be reattached to any account again ever. Might want to watch out for that.
Pros & Cons of using a software token over the physical token:
+ Unlike your token, you're much more likely to be carrying your phone while not at your house.
+ The phone app is completely free. Unless you got a free token with the collector's edition, they cost $9.99.
+ Although it may take 5-10 years, the battery of the security token will eventually run out. You can get a new token but it'll cost you. You'll be locked out of your account during this time.
- On the flip side, the 5-10 years will easily outlast your phone's lifespan, which many people replace every couple of years. Although you can swap the app to a new phone, you need to do it while you still have your old phone if you don't want to get locked out of your account.
- Your phone is more susceptible to loss and thus getting you locked out of your account. (Lost phone, damaged phone, new phone, reset phone, upgrade phone, etc) - Whereas your token will likely sit in a drawer for 10 years and only come out to log you in and back into the drawer again.
- Smartphones can get viruses and spyware, and malware can target these apps and obtain one-time passwords. In it's defence, because this is
two-factor authentication, somebody who does this still needs to somehow get your username and password from your PC and match it to the right phone somehow. A malicious IRL "friend" could pull it off; they could steal your token too, mind, but you're more likely to notice that.
Don't let the cons put you off. Having your account secured with two-factor authentication is the best thing you can do for peace of mind versus hacking and account stealing etc.