RSA Admits Tokens have been compromised
RSA, the token authentication company, has admitted that the data breach that occurred back in March has compromised some Token IDs. This is not good news for either individuals and large companies. RSA has written an open-letter to customers regarding the findings.
The RSA Tokens work by providing a second-factor authentication that is in addition to a standard password. In order to generate these tokens there is an algorithm that produces a seed that begins the generation of the codes that change. The most secretive part of this algorithm is the seed. The seed is tied to the serial number of the token. If the seed is compromised, then the entire system collapses. Guess what the hackers have been able to obtain, the seed.
RSA has agreed to replace some of the tokens that were compromised, this will ease concerns regarding the currently obtained tokens, but what does it hold for the future. How many big companies are going to think twice before implementing RSA tokens due to mis-trust issues. Time will tell what ultimately happens with RSA, but I think more than a few companies will shop around.