
Until recently, RSA SecurID tokens were considered an extremely reliable method of two-factor authentication based on a proprietary secret cryptographic algorithm. However, in March 2011 RSA reported a “massive cyber attack” on its infrastructure, and in May 2011, after an attempt to hack the military equipment manufacturer Lockheed Martin, it turned out that SecurID technology could be compromised. Although RSA cannot directly acknowledge the vulnerability, yesterday it promised to replace almost all SecurID tokens used by enterprises and government organizations around the world.
If you use such tokens, all the information about their replacement is available by phone:
1-800-782-4362 (United States)
+1-508-497-7901 (international)
Each SecurID token is associated with a user account and generates a new pseudo-random number every 30-60 seconds using an individual 128-bit key. To log in, the user must enter their password and, in addition, the numeric code from the token. The authentication server knows which number each token should be showing, and in this way verifies that the token belongs to a specific user.
The sequence of numbers is defined by RSA Security's secret cryptographic algorithm. After the incident with Lockheed Martin and the announcement of the token replacement, we can assume that this algorithm is no longer secret. RSA itself says that the tokens are being replaced for "preventive purposes".
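The server-side check described above can be sketched as follows. This is an added example, not RSA's code: the SecurID algorithm is proprietary, so an HMAC-SHA1 time-step code in the style of RFC 6238 stands in for it, and the 60-second step, six digits, drift window, replay guard and all names are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP = 60    # assumption: a new code every 60 s (the article gives 30-60 s)
DIGITS = 6   # assumption: six-digit display
DRIFT = 1    # assumption: tolerate one interval of clock drift either way


def token_code(seed: bytes, now: int) -> str:
    """Code for the interval containing `now` (HMAC-SHA1 stand-in, not SecurID)."""
    counter = struct.pack(">Q", now // STEP)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation as in RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Holds each user's password hash and the seed of the token issued to them."""

    def __init__(self):
        self._users = {}      # user -> (salt, password hash, token seed)
        self._last_step = {}  # user -> last interval accepted (replay guard)

    def enroll(self, user: str, password: str, seed: bytes) -> None:
        if len(seed) != 16:
            raise ValueError("token seed must be 128 bits")
        salt = os.urandom(16)
        self._users[user] = (salt, _pw_hash(password, salt), seed)

    def login(self, user: str, password: str, code: str, now: int) -> bool:
        if user not in self._users:
            return False
        salt, pw_hash, seed = self._users[user]
        if not hmac.compare_digest(pw_hash, _pw_hash(password, salt)):
            return False
        last = self._last_step.get(user, -1)
        for drift in range(-DRIFT, DRIFT + 1):
            step = now // STEP + drift
            expected = token_code(seed, step * STEP).encode()
            if step > last and hmac.compare_digest(expected, code.encode()):
                self._last_step[user] = step
                return True
        return False
```

The server can predict every code only because it stores the same per-token seed as the device, so the seed records need the same protection as the password store.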
According to IDC estimates for 2010, SecurID controls about 70% of the global market for two-factor authentication systems; as of last year, about 25 million tokens had been produced.