Did you set it up before the card reader was in use? (may be a silly question) ;-)
To get into my account without - and I still can do - I need the name, membership number, password number and another password (memorable name or whatever). I can set the browser to remember the first two, so only have to enter the last two manually.
This worked perfectly well for years. Only when I came to try and set up an additional payee did I need the pin sentry device.