Several analysts today urged companies that are using SecurID to review their authentication measures and to shore them up if necessary. Until RSA releases further details on the breach it is best to assume that SecurID is vulnerable, they added.
"Don't panic," said Rich Mogull, an analyst with Securosis. "Until we know the attacker, what was lost, the vector of a potential attack," and the extent to which SecurID may have been compromised, it's hard to make a risk assessment, Mogull said.
But for the moment at least, enterprises should assume that SecurID is no longer an effective second factor of authentication, he said. "Review passwords tied to SecurID accounts and make sure they are strong," Mogull said. "Consider disabling accounts that don't use a password or PIN and set password attempt lockouts."
In an embarrassing admission for a security company, RSA said on Thursday that unknown intruders had stolen information relating to its SecurID technology in what it described as "extremely sophisticated cyber attack against RSA".
The company expressed confidence that the stolen information would not enable a direct attack against SecurID. But it added that the information could potentially be used to reduce the effectiveness of the technology.