RSA has finally admitted that their SecurID key ring fobs, widely used for generating secure tokens for two-factor authentication, have been compromised and will need to be replaced or their continued usage closely monitored. The news follows a number of high-profile cracks of systems belonging to US military contractors, like Lockheed Martin.

Considering how widely used these token generators are in large enterprises for VPN (Virtual Private Network) access and other authentication procedures, this crack has wide-reaching implications. More details via the Wall Street Journal:

Security 'Tokens' Take Hit

---

Updated 2022 : note that the above post was originally published in 2011, but is left here for archival purposes.