RSA has long been an industry stalwart when it comes to security tokens and 2-factor authentication ( SecurID ). One would normally trust them implicitly … but that trust is no longer a given since their lack of disclosure surrounding a recent attack on their systems and possible data theft.

SecureID is one of the oldest systems for 2-factor authentication on all sorts of computing systems including those used to access corporate networks and banking systems. It is a hardware token that generates a OTP ( one time password ) every 60 seconds for use in accessing secure computing services.

However, last week their systems were hacked and apparently some data was taken. According to Art Coviello from RSA, the data stolen reduces the “effectiveness of a current two-factor authentication implementation”, which the unknown parties could exploit in future attacks. He does not, however, say exactly which data has been lost.

And there lies the rub – is the SecureID token compromised or not? RSA is not saying …