The purpose of two-factor authentication products is to provide a secondary layer of defense. What happens though when the infrastructure supporting that defense is breached?
This week RSA, the security division of EMC publicly disclosed that its SecurID two-factor authentication systems had been breached by an Advanced Persistent Threat (APT).
RSA has tried to calm fears that personally identifiable information was stolen from its system. The company has also provided a series of recommendations to customers to help mitigate any potential risk.