Security 'Tokens' Take Hit

RSA Security is offering to provide security monitoring or replace its well-known SecurID tokens -- devices used by millions of corporate workers to securely log on to their computers -- "for virtually every customer we have," the company's Chairman Art Coviello said.

In a letter to customers June 6, the EMC Corp. unit openly acknowledged for the first time that intruders had breached its security systems at defense contractor Lockheed Martin using data stolen from RSA. SecurID tokens have become a fixture of office life at thousands of corporations, used when employees log onto computers or sensitive software systems. The token is an essential piece of security, acting as an ever-changing password that flashes a series of six digits that should be virtually impossible to duplicate. Coviello didn't specify what happened to the tokens at Lockheed. The intruders didn't take any Lockheed customer or employee data. But as a precaution, he said RSA will offer to replace nearly all tokens -- millions of them used by government agencies and businesses.