RSA SecurID: Egg meets face

SecurID fob (EMC)

In the case of the SecurID hack three months ago, RSA's strategy -- to deny anything was worrisome -- has come back to bite it. Hard. The company is having to learn some of the oldest lessons in security -- and in PR. Find out more, in The Long View...

You may recall that in March, RSA -- security arm of EMC (EMC) -- confessed to a security breach. The company said its SecurID two-factor authentication system had been "impacted" by a hacker break-in.

Right from the start, RSA's official statements smelled bad. I, and others, worried that the company wasn't being 100% frank and honest about the situation. Those fears have been realized, as Lockheed Martin now joins two other defense contractors in falling victim to attacks. Read on...

Two-factor authentication (or 2FA) is all about something you have and something you know. It's a way of augmenting passwords -- something you know: a single "factor". You add proof that you also possess something that only you should have -- something you have: a second factor.

In the case of SecurID, you prove you have the token by authenticating with the pseudo-random number displayed on the token. The number changes frequently, based on a shared secret -- the seed -- known only by the token and the RSA authentication server. However, it appeared in March that some or all of the seeds had been stolen. Ouch.
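A sketch of the mechanism described above, added here as an example and not RSA's code: SecurID's own algorithm is not given on this page, so an RFC 6238-style HMAC construction stands in for it, and the seed, PIN, 60-second step and function names are all assumptions. It shows that the displayed number is a pure function of seed and time, so the server cannot tell the fob from any other copy of the seed, and only the PIN remains as a factor.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumed interval between code changes
DIGITS = 6         # assumed length of the displayed code


def token_code(seed: bytes, unix_time: int) -> str:
    """Code displayed during the time step containing unix_time.

    Stand-in algorithm (RFC 6238 / RFC 4226 truncation), not SecurID's own.
    """
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def server_accepts(seed: bytes, pin: str, submitted_pin: str,
                   submitted_code: str, unix_time: int,
                   drift_steps: int = 1) -> bool:
    """Check both factors: the PIN (know) and the current code (have)."""
    pin_ok = hmac.compare_digest(pin.encode(), submitted_pin.encode())
    code_ok = False
    # Tolerate a little clock drift between token and server.
    for step in range(-drift_steps, drift_steps + 1):
        when = max(0, unix_time + step * STEP_SECONDS)
        expected = token_code(seed, when).encode()
        code_ok |= hmac.compare_digest(expected, submitted_code.encode())
    return pin_ok and code_ok


def seed_copy_is_indistinguishable(seed: bytes, unix_time: int) -> bool:
    """True when a second holder of the seed computes the fob's exact code."""
    fob_display = token_code(seed, unix_time)
    copy_display = token_code(bytes(seed), unix_time)  # separate copy of the seed
    return fob_display == copy_display


if __name__ == "__main__":
    seed = b"12345678901234567890"  # constructed sample seed
    now = 1_300_000_000             # constructed timestamp
    code = token_code(seed, now)
    print("code on fob:", code)
    print("seed copy matches fob:", seed_copy_is_indistinguishable(seed, now))
    print("server accepts PIN + code:", server_accepts(seed, "4821", "4821", code, now))
    print("server accepts code, wrong PIN:", server_accepts(seed, "4821", "0000", code, now))
```

Because every code follows from the seed, a seed exposure cannot be fixed by waiting for the number to change; the token has to be re-seeded or replaced.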
