“Hardware security devices are an improvement… However, we need to be mindful of our hardware, and just because we say this magic token is secure, we don’t implicitly assume that.”
Hardware tokens provide possibly the best way to add an extra lock onto your account. Two-factor authentication sent by SMS can be intercepted. It is probably going to have a harder time to getting hold of the unique code these little tokens generate.
But, it’s not impossible.
“It’s a supply chain attack; you’re modifying them before the user gets them,”