Portable authenticators, tiny devices you can carry on a keychain for an added layer of security, appear to be one of the best ways to ensure that your digital identities can’t be hacked. These authenticators work by displaying a new code every 60 seconds; that code is entered along with a password or PIN to gain access to an account. So if a hacker managed to steal your password somehow, they would also need your personal authenticator to log into your account.
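The time-based one-time-code mechanism described above, as an added example that is not RSA's code (SecurID's own algorithm is proprietary): the open RFC 4226/6238 HOTP/TOTP construction with a 60-second step, plus a server-side check that requires the PIN as well, tolerates one step of clock drift, and refuses a replayed code. The seed is the RFC 4226 test secret and the PIN is a constructed sample value.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the article describes a new code every 60 seconds
DIGITS = 6

# Constructed sample seed: the RFC 4226 test secret, not any real token's seed.
SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation down to a fixed number of decimal digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: the counter is the number of whole steps since the epoch."""
    return hotp(seed, unix_time // step)


class Verifier:
    """Server side of the two-factor check. It holds the shared seed, the user's
    PIN, and the last counter it accepted so a captured code cannot be replayed."""

    def __init__(self, seed: bytes, pin: str, drift_steps: int = 1):
        self.seed = seed
        self.pin = pin
        self.drift_steps = drift_steps
        self.last_counter = -1

    def check(self, pin: str, code: str, now: int) -> bool:
        # Both factors are required: the PIN on its own gets nowhere here.
        if not hmac.compare_digest(pin, self.pin):
            return False
        counter = now // STEP_SECONDS
        # Tolerate a little clock drift, but only ever move forward: a code for a
        # step that was already accepted (or an earlier one) is treated as a replay.
        lo, hi = counter - self.drift_steps, counter + self.drift_steps
        for candidate in range(lo, hi + 1):
            if candidate > self.last_counter and hmac.compare_digest(
                hotp(self.seed, candidate), code
            ):
                self.last_counter = candidate
                return True
        return False
```

Everything rests on the seed: anyone who learns it can compute every future code, so the server-side seed store has to be protected as carefully as the user protects the token itself.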
Seeing as this heightened level of security technology could prove revolutionary and maybe even end identity theft, the fact that RSA Security, the firm that makes these authenticators, got hacked is a bit disconcerting.
The security firm reported that the data the hackers gained access to was not financial and was not in any way linked to any of the 40 million customers carrying SecurID authenticators or the other 250 million using its authentication software. Instead, it described the incident as an APT (advanced persistent threat) attack that went directly for the source code of the authentication software. RSA Security said that even though this data was breached, it does not mean that hackers can target specific users and compromise the security offered by the authenticators:
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers,” RSA wrote on its blog, “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.”
The firm said that it is working with government authorities to look into this sophisticated attack, and in the meantime customers should follow this list of recommendations:
- We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
- We recommend customers enforce strong password and pin policies.
- We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
- We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
- We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
- We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
- We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
- We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
- We recommend customers update their security products and the operating systems hosting them with the latest patches.
Hopefully, the authenticators will continue to be an effective way of combating hackers and identity fraud, and the security intrusion will only cause the company to improve its security algorithms in the long run.