Salesforce.com Identity Confirmation Security Feature
Salesforce.com has provided an additional identity confirmation security feature that might be required to access the Salesforce.com data source. It is possible that you need to implement this additional feature if you receive this error:
SForceException: Error [sforce-2900000]: LOGIN_MUST_USE_SECURITY_TOKEN
To access Salesforce.com through a desktop application or other API-based application, you must replace your current password with a combination of your password and a security token.
To implement the Salesforce.com security feature
1. Log in to Salesforce.com through the browser to request your security token.
2. At the top of any Salesforce page, click the down-arrow next to your name. From the menu under your name, select Setup or My Settings—whichever one appears.
3. Go to Setup > My Personal Information > Reset Security Token.
or
Go to My Settings > Personal > Reset My Security Token.
4. Click the Reset Security Token button to trigger an email that contains your security token.
5. Select and copy the token from the email.
6. In the application, replace your password with combination of the password and the security token. For example, if your password is MyPassword and your security token is XXXXXX, you would enter MyPasswordXXXXXX in the password field.
See http://trust.salesforce.com/trust/security/identity_feature.html for more details.