Has RSA hack sown seeds of token resistance?
In February this year, RSA, the security arm of information infrastructure firm EMC, announced that it had been the victim of a cyber attack and that critical information may have been stolen from its servers.
At the time it was thought that this information could have included the “seed” data that helps to generate the random numbers used in the company’s two-factor authentication tokens. Anyone in possession of the seed would technically be able to use it (in combination with basic username and password information) to log in to the private networks and services of users of RSA’s secure token product.
In May, it seemed likely that this had happened, as the private corporate network of military hardware manufacturer and RSA customer Lockheed Martin experienced a significant disruption.
Security experts often cite the inherent weakness of username and password combinations as being a major cause of cyber attacks and data loss for enterprises. Two-factor authentication, such as RSA’s tokens and their pseudo-randomly generated numbers, was supposed to be a simple fix to that problem.