Some very unsettling news about SecurID tokens. Don’t know what a SecurID token is? Perhaps you have one but don’t know it by name.

A SecurID token is a small device that can fit on your keychain. It is used as an extra layer of protection when you log into a computer system. You see, the SecurID token displays a number that changes every so many seconds. Through some computer trickery, the computer you are trying to log into (one that is set up to use a SecurID token) can calculate the SAME number that your SecurID token is currently displaying. The theory behind this is that if someone manages to get hold of your User ID and Password, they STILL cannot gain access to your account without the SecurID token number… which presumably only YOU have in your possession.

Well, that entire game just changed.

You see, RSA, the company that makes the SecurID token, reported recently that there was an intrusion/break-in/hack into THEIR computer systems, and the hackers were able to steal enough information to be able to figure out what the SecurID token number should be for a person’s SecurID token… effectively rendering your SecurID token useless (click here for the original story).
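To make the "computer trickery" concrete, here is an added example; it is not from the original story or from RSA. SecurID's own algorithm is proprietary, so this uses the open RFC 6238 TOTP scheme as a stand-in, with the RFC's published test seed and a constructed replacement seed. It shows the token and the server deriving the number from one shared seed, which is why the number is only as private as that seed, and why a replacement token (a new seed) makes old numbers worthless.

```python
import hashlib
import hmac
import struct

# Published RFC 6238 test seed, standing in for the secret inside one token.
OLD_SEED = b"12345678901234567890"
# Constructed value: the seed of a replacement token issued after the breach.
NEW_SEED = b"constructed-replacement-seed"


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 8) -> str:
    """Number displayed for the time window containing unix_time (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", max(0, unix_time) // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(seed: bytes, submitted: str, unix_time: int,
                   step: int = 30, digits: int = 8, drift_windows: int = 1) -> bool:
    """Server side: recompute the number from the server's own copy of the seed,
    allowing one window either way for clock drift between token and server."""
    ok = False
    for w in range(-drift_windows, drift_windows + 1):
        expected = totp(seed, unix_time + w * step, step, digits)
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    now = 59  # constructed timestamp, taken from the RFC test vectors
    shown = totp(OLD_SEED, now)
    print("token shows:            ", shown)
    print("server accepts it:      ", server_accepts(OLD_SEED, shown, now))
    # Nothing but the seed and the clock goes into the number, so every
    # copy of the seed yields the same digits as the keychain device.
    print("second copy of the seed:", totp(bytes(OLD_SEED), now))
    # Once the server is re-enrolled with a replacement token's seed,
    # numbers derived from the old seed no longer verify.
    print("accepted after reissue: ", server_accepts(NEW_SEED, shown, now))
```
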

Now, the thing you need to understand about system security, and the thing you are going to read from me over and over again, is that there is no such thing as a completely secure computer system. The best you can hope for is to keep the amateurs away from your data, and to give the professionals a reason to go look elsewhere for their jollies (because your data is going to be so hard to crack). Of course, some hackers relish a challenge, so you have to be careful even there.

But the overall point here is that you may be able to protect your data for a while…but eventually, given enough time, hackers WILL be able to compromise your data if they have any way of actually reaching it. Of course, if your data is not accessible from the Internet, then the only way for them to steal your data is to physically enter your premises to do so.

So as far as computer security goes, I think of it the way my parents taught me to think about car thieves. We lock our doors to keep the pranksters away and to try to encourage amateurs to find another car to steal…one that is easier to break into. However, if a professional REALLY wants your car, there is virtually NOTHING you can do to stop them.

So if you have an RSA SecurID token, be sure to get it replaced right away! The article that I linked to previously already tells of people having had their accounts broken into based upon what the bad guys learned from their hacking into the RSA network.

You have been warned!