“It’s like a nightmare, isn’t it? It just keeps getting worse and worse.”
— Grady Seasons, The Color Of Money
RSA has now announced they will provide replacement SecurID fobs in certain circumstances. The letter from RSA head Coviello (and no doubt an army of lawyers) should be read carefully.
- An offer to replace SecurID tokens for customers with concentrated user bases typically focused on protecting intellectual property and corporate networks.
- An offer to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base, typically focused on protecting web-based financial transactions.
So does that mean if you are a “consumer-focused” customer, they won’t replace them? Ha!
RSA is far and away the market leader in two-factor authentication. An educated guess on my part is they have two-thirds of the market, so this is a fantastic opportunity for their competitors. Apparently over 40 million SecurID fobs are out there (though I’d wager at least a quarter of those are inactive, expired, lost, or have never been assigned).
I know the horse has left the barn, but has anyone been fired over this? And I don’t mean the poor schmuck who got hacked, though maybe him too. I mean, Coviello.