Using one password everywhere is bad because when one service gets compromised, the hackers now have your password for every other service. A password is a "shared key" because you know it and the server knows it. That's what creates the honeypot of sensitive data on servers all around the world.
Token works very differently.
It uses "public/private keys" and it generates a unique key pair for every service you sign up for. The service only stores the "public key" and the device stores the "private key". Whenever you log in, the service sends a challenge to Token and asks it to sign the challenge with its private key. Token does this and sends back the result but never sends back the private key. The server is able to authenticate you using nothing but the public key and the signature. This is profound because servers go from storing tons of sensitive shared keys for all their users to storing nothing but public keys, which are called public for a reason.
That's why Token is WAY more secure than having 1 password and even more secure than having a unique password for every site.
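The challenge/signature login described above, sketched as an added example (not Token's own code). It assumes Ed25519 as the signature scheme, which the text does not specify; `Register`, `Server`, `Challenge`, `Login` and the user "alice" are hypothetical names. It also goes one step past the text by showing that a replayed signature and a key made for a different service are both rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Register makes a key pair for ONE service. The service gets the public key; the
// device keeps only a signer, so the private key never crosses this boundary.
func Register() (pub []byte, sign func(challenge []byte) []byte) {
	p, priv, _ := ed25519.GenerateKey(rand.Reader) // Ed25519 is an assumption
	return p, func(c []byte) []byte { return ed25519.Sign(priv, c) }
}

// Server stores public keys and one pending challenge per user, no secrets.
type Server struct{ pubs, pending map[string][]byte }

// Challenge issues a fresh random value for the device to sign.
func (s *Server) Challenge(user string) []byte {
	s.pending[user] = make([]byte, 32)
	rand.Read(s.pending[user])
	return s.pending[user]
}

// Login verifies the signature; the challenge is consumed whether or not it passes.
func (s *Server) Login(user string, sig []byte) bool {
	c, pub := s.pending[user], s.pubs[user]
	delete(s.pending, user)
	return len(c) == 32 && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, c, sig)
}

// Demo returns the outcome of a normal login, a replayed signature, and a
// signature made with the key registered at a different service.
func Demo() (valid, replay, wrongKey bool) {
	srv := &Server{pubs: map[string][]byte{}, pending: map[string][]byte{}}
	pubA, signA := Register() // key pair for this service
	_, signB := Register()    // key pair the same device made for another service
	srv.pubs["alice"] = pubA  // constructed sample user
	sig := signA(srv.Challenge("alice"))
	valid = srv.Login("alice", sig)
	srv.Challenge("alice") // a later login attempt gets a new challenge
	replay = srv.Login("alice", sig)
	wrongKey = srv.Login("alice", signB(srv.Challenge("alice")))
	return
}

func main() { fmt.Println(Demo()) }
```

Everything the server holds (`pubs` and `pending`) can be read by anyone without enabling a login, which is the contrast with a stored password.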