RSA’s Secure IDs Hacked - What to Do
If you use an RSA SecurID keyfob or card for stricter security than a user name and password provides, you may have just become a last line of defense.
RSA Security, a division of EMC Corporation, said on Thursday that it suffered a sophisticated hacker attack that resulted in the theft of sensitive information related to its popular SecurID two-factor authentication products.
These products involve keyfob devices that display pass codes that change every 30 to 60 seconds, which many companies give to employees who access their networks remotely and some financial institutions give to high-net-worth clients as a way to bolster password security. The devices provide a second security factor — “something you have” — that is combined with the standard first factor of a user name and password, which is “something you know.”
While RSA provided few details about what exactly was stolen from its computer systems, it said the information would not, alone, enable a successful attack on SecurID customers, but could potentially reduce the “effectiveness” of the system “as part of a broader attack.”