Did hackers nab RSA SecurID's secret sauce?

18.03.2011
RSA is scrambling to reaffirm that the strength of its SecurID technology is not diminished.

There's no clear indication yet of whether RSA will or will not be forced to make changes to SecurID as a result of what RSA Executive Chairman Art Coviello said is "an extremely sophisticated cyber attack in progress being mounted against RSA" where information was stolen "and that some of that information is specifically related to RSA's SecurID two-factor authentication products." SecurID is used to protect sensitive corporate data.

But there's already speculation that attackers gained some information about the "secret sauce" for RSA SecurID and its one-time password authentication mechanism, which could be tied to the serial numbers on tokens, says Phil Cox, principal consultant at Boston-based SystemExperts. RSA is emphasizing that customers should make sure that anyone in their organizations using SecurID is careful not to give out serial numbers on secured tokens. RSA executives are busy today conducting mass briefings via dial-in for customers, says Cox.

RSA has not yet responded directly to inquiries. But all of the hubbub makes experts wonder whether a security fix for SecurID may be coming because of the discovery of the breach at RSA. Jon Gossels, president of SystemExperts, is inclined to think that may well happen; Cox, not so much. But Cox acknowledges that a massive change for tokens and the RSA authentication would be no trivial matter for customers to undertake.

With little more to go on than that right now, the question is whether customers are likely to lose confidence in SecurID, the two-factor authentication system, or in RSA the company.