Login Tokens - the How and Why


    Thomas

    Tokens

    So, why tokens instead of a traditional password? A token is a temporary "password" that is valid for only 5 minutes after its creation. It is also immediately invalidated after you successfully log in with it (this is why you always need to create a new one before logging in, even within that 5-minute window). This ensures that a token can only ever be used once. There are two reasons for doing it this way. The primary one is security. The connection between your SA-MP client and our game server is completely in plain text - no encryption whatsoever. This means that when you hop on a public Wi-Fi network to play some SAS, any nefarious actor could eavesdrop on your connection and read along with everything that you are doing, including your password. Because a token is temporary and single-use, the bad guy will have gained... nothing at all, as the token will have already been invalidated by that time*.

    The other benefit is that this ensures that you always visit our website before hopping on the game server. This allows us to notify you of all sorts of important things and it keeps you in the loop. A win for you, and a win for us :)

     

    * Theoretically, the bad guy could intercept the token and use it before you by tampering with your connection to our game server, but this is far more involved and would require a targeted attack rather than just simple eavesdropping. This is highly unlikely - and even if it were to happen, you would know instantly that something is up, as you would be unable to log in to your account yourself.
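
The token lifecycle described above (5-minute validity, invalidated on the first successful login), sketched as an added example; this is not the site's own code. The class, method and account names are assumptions, and the store keeps only a hash of each token so a leaked table does not reveal usable values.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 5 * 60  # the article: a token is valid for only 5 minutes


class LoginTokenStore:
    """Hypothetical in-memory store; every name here is an assumption."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so expiry can be exercised in a test
        self._pending = {}    # account -> (sha256(token), expires_at)

    def issue(self, account):
        """Website side: create a fresh token, replacing any older one."""
        token = secrets.token_urlsafe(9)  # 72 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[account] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, account, presented):
        """Game-server side: returns True at most once per issued token."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() >= expires_at:
            del self._pending[account]    # expired: drop it
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        if not secrets.compare_digest(candidate, digest):
            return False                  # wrong value: stored token untouched
        del self._pending[account]        # successful login invalidates it
        return True


def demo():
    now = [0.0]                           # constructed clock for the example
    store = LoginTokenStore(clock=lambda: now[0])
    token = store.issue("player1")
    first = store.redeem("player1", token)    # the player's own login
    replay = store.redeem("player1", token)   # same token seen on the wire later
    stale = store.issue("player1")
    now[0] += TOKEN_TTL_SECONDS               # 5 minutes pass unused
    expired = store.redeem("player1", stale)
    return first, replay, expired
```

A real deployment would also rate-limit failed `redeem` calls per account, which this sketch leaves out.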

     

