RSA SecurID Definition & Meaning

RSA SecurID is a multi-factor authentication (MFA) technology used to protect network resources, such as applications and websites. Its purpose is to mitigate risk and maintain compliance without disrupting employee productivity.

This technology can confirm user identities to ensure they are only granted access to the resources they need to do their jobs. RSA SecurID can quickly and securely provide appropriate access to resources both on-premises and in the cloud.

How does RSA SecurID work?

As its name implies, MFA uses multiple factors (at least two) to confirm the identity of users. There are three types of authentication methods that can be combined for MFA:

  • Something you know: This refers to a piece of information that only an individual user should have knowledge of. The most common are PINs, passwords, or the answer to a security question.
  • Something you have: This is a unique component given to a user. It may be a one-time password (OTP), hardware or software token, trusted device, smart card or a badge.
  • Something you are: This refers to a unique characteristic of a user that can be used to confirm their identity, which newer technologies have made possible. The most common form is biometrics, such as face recognition, fingerprint readers, or retinal scans.

RSA SecurID vulnerabilities

RSA SecurID is a big step forward in user identity security beyond just using passwords, especially with the evolution of zero trust security frameworks, but vulnerabilities still exist. These are some of the most common vulnerabilities:

  • The simplest vulnerability occurs if a key device or a trusted personal device with the integrated key function is stolen. This automatically gives an attacker access to at least one factor of authentication.
  • Token codes, whether they are hardware or software, can be as easy for attackers to steal as a password. MFA that uses only a combination of passwords and tokens remains extremely vulnerable.
  • RSA SecurID offers protection against password replay attacks but can’t prevent all man-in-the-middle (MITM) attacks. In a MITM attack, a malicious actor eavesdrops on the communication between a user and a network resource or completely impersonates one of the parties. The attacker can then use the information gained from these communications to bypass authentication.
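
The replay protection mentioned in the last item can be sketched as follows. This is an added example, not RSA's code: SecurID's token algorithm is proprietary, so the open TOTP scheme (RFC 6238) stands in for it, and the `Verifier` class, the 60-second step, the status strings and the sample secret and PIN are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds each token code stays valid (assumed for this sketch)


def token_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226); with a time-step counter this is TOTP (RFC 6238)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server side: checks PIN + code, each time step usable once."""

    def __init__(self, secret: bytes, pin: str, drift: int = 1):
        self.secret, self.pin, self.drift = secret, pin, drift
        self.last_step = -1  # newest time step already consumed

    def verify(self, pin: str, code: str, now: float) -> str:
        if not hmac.compare_digest(pin, self.pin):
            return "rejected: bad PIN"
        current = int(now // STEP)
        # Tolerate small clock drift between token and server.
        for step in range(current - self.drift, current + self.drift + 1):
            if hmac.compare_digest(token_code(self.secret, step), code):
                if step <= self.last_step:
                    return "rejected: code already used"  # replay blocked
                self.last_step = step
                return "accepted"
        return "rejected: bad code"


def demo() -> list:
    # Constructed sample values, not real credentials.
    secret, pin, now = b"constructed-demo-secret", "4821", 1_700_000_000
    server = Verifier(secret, pin)
    code = token_code(secret, now // STEP)  # what the user's token displays
    return [
        server.verify(pin, code, now),              # first use
        server.verify(pin, code, now + 5),          # captured code replayed
        server.verify(pin, code, now + 10 * STEP),  # same code, much later
    ]


if __name__ == "__main__":
    print(demo())
```

The verifier sees only a PIN and a code, so it accepts the first valid submission regardless of who relays it; single-use enforcement addresses replay, not the real-time MITM case described above.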

Social engineering practices are a common vulnerability that many people face every day. Phishing, often via email or instant messaging, can deceive users into revealing details, such as passwords or answers to security questions.

 

 

Kyle Guercio
Kyle Guercio has worked in content creation for six years contributing blog posts, featured news articles, press releases, white papers and more for a wide variety of subjects in the technology space.
