
Yes, a SecurID token is probably more secure than a piece of paper, but it is also less convenient and more expensive.

Also, the piece of paper with 4 words will have 52 bits of entropy while a SecurID token with 6 digits has only 20 bits of entropy. So I wonder whether SecurID would be easier for an attacker who has access to the password hash and salt to derive the original password...?

In any case, whether you use a piece of paper or SecurID, the main point is that financial sites which only require email+password are being negligent in their duty to protect user data from unauthorised access.


