Quote Originally Posted by Otlecs View Post
The move to a proper one-time key is a Good Thing, but to make it more bearable for us, they really do need to improve the authenticator to generate a new code every time it's cycled!
The way (i'm fairly sure) the authentication works is that the keychain unit and the auth server create a new valid agreed upon key every 30 seconds. This key is valid for a try made in that 30 second block and is based on the authenticator serial number and the time/day plus some other constant numbers no one else is likely to know.

Since the server has no way of knowing if you pressed the button, there is no way it can be made to accept a different number until the 30 seconds go by and it moves on to the next one. They could make both sides change numbers more frequently, but then you would have less time to type in the correct number before it expires. (there is probably also some tracking server side for the previous and next valid numbers to account for the timebase drift that likely happens on the keychain unit, since it is bound to be significant and would vary with temperature and such)

I have a similar unit to this for my etrade account and it does't bother with the button, it just always shows the current valid number, and a little countdown bar showing how much longer until it changes.