If you think about it Rick, the Auth Manager server has to calculate the current tokencode based on the current time and the Token Seed. But AM needs to calculate at least three TokenCodes as a buffer, the previous minute, the right now minute, and the next minute. But wait, if this is the first logon since RSA services were started, the AM server needs to calculate every tokenCode plus or minus 10 minutes, a 21 minute or TokenCode Window, and any correct tokenCode in that Window will be accepted, as a way to determine if the Token Time is slightly different from the server time.
With 3 Tokens, that means calculating 63 unique tokencodes. Add a 4th token that goes to 84 tokencodes, so I believe the 3 Token limit was both a Security feature, more tokens means more chances to lose a token, and a performance preserving feature in Authentication Manager or ACE back in the day of 32 bit processors
