Saturday, June 18, 2011

Is security less important to some companies?

I know the above question is a dangerous one. The answer in a general sense is Yes. Security is more important to some companies. But my question is a bit more esoteric.

I read an article yesterday saying that while RSA has come out to say that they will replace SecurID tokens for customers, it will take months for that to happen for all of them, and actually only about a third of customers will have their tokens replaced.

Yes, I understand, as most people do, that there are economic sensibilities here and that there may even be uncertainty as to the breadth of the breach and what was taken. But really, only a third will have their tokens replaced? If you are in that 67%, what are you thinking? If it were me, I would be thinking: Is RSA certain I am not vulnerable? Will they warrant that... with insurance?

Given the mixed messages coming from RSA on the breach overall (Jeffrey Carr did a couple of great pieces on this; see this one), one would have to wonder about the strategy behind the decision on who gets replaced.

It will be interesting to see what follows from all of this. Token-based OTP has been a ubiquitous element of multi-factor authentication for some time, and one wonders whether this whole RSA mess hurts the market or just RSA. Only time will tell.

