Proving yet again that the perfect information security regime does not yet exist and that information security is about reducing risk and not eliminating it, RSA has reported that "an extremely sophisticated cyber attack" has extracted information from some of the company's SecurID two-factor authentication products. In an open letter posted on the company's web site, RSA Executive Chairman Art Coviello indicated that the breach "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation" that uses SecurID. Coviello also said that there is "no evidence that customer security related to other RSA products has been similarly impacted."
Two-factor authentication is a security measure requiring two independent means of identification to gain access to an asset. In the context of information security, two-factor authentication often takes the form of a person being required to know something – such as a user ID/password combination – and also having a physical token in their possession. RSA's SecurID two-factor authentication products include hardware and software tools that serve as one of the two factors in a two-factor authentication regime and are used by many businesses and individuals to gain access to individual computers, networks, and web sites, including on-line banking and brokerage sites.

RSA customers who might be affected by this breach should refer to the SecurCare Online Note posted on the company's website for guidance.


