In March, the RSA (News - Alert) had a breach in its systems and has just begun to publicly speak about the incident. Admitting that SecurID tokens were compromised, the company will work to replace all 40 million tokens for any client that wants them. While the company has only confirmed one breach so far, the others were hinted at by warnings sent internally and strange looking domain name and password reset software processes.

This recent admission has made many headlines, especially because other cyber-attacks on the networks of the three U.S. Military contractors including L-3 Communications, Northrop Grumman and Lockheed Martin (News - Alert) have just taken place.

RSA SecurID is a two factor password reset software authentication system that was created to offer security to users when looking at confidential data. Tokens are issued that interact with either hardware or software and generate authentication codes at fixed intervals (usually 30-60 seconds), using a built in clock and the cards factory-encoded random key (called a “seed), an article from ghacks.net explained. If all 40 million tokens may now not be totally safe, RSA must replace them. The replacement process is guaranteed to cost the company a large amount of money.

No official details have been released as of yet, making many individuals in the security industry as well as customers extremely mad. But, the article states, “because the way the tokens work, it seems likely that the seeds that link every token to a specific account and the algorithm that calculates the numeric sequence generated by the tokens must’ve been compromised as well.”

Chairman Coviello defended the company’s actions about not releasing details of the attack, explaining that they didn’t want to reveal to hackers how to successfully complete attacks in the future.

In related news, TMCnet recently reported that two-step verification requires two means of identification to sign in, which further increases security.