A recent New York Times article once again draws attention to potentical vulnerabilities of token based temporary passwords. Saul Hansell describes in the article how hackers use new trojans to capture passwords in real time, thereby by-passing the security of offered by a token based device that utilizes a complex algorithm to generate a new temporary password every minute.
Source: How Hackers Snatch Real-Time Security ID Numbers