Generated by GPT-5-mini

| SecurID | |
|---|---|
| Name | SecurID |
| Product type | Authentication token |
| Owner | RSA Security (EMC, Dell, SymphonyAI) |
| Introduced | 1986 |
| Markets | Information technology, Financial services, Healthcare, Government |

SecurID is a hardware and software authentication token system developed to provide two-factor authentication for access control and identity verification. It has been used by corporations such as Citigroup, Bank of America, JPMorgan Chase, public agencies such as the United States Department of Defense, and technology vendors including Oracle Corporation and Microsoft. The product has intersected with major events involving RSA Security, EMC Corporation, Dell Technologies, and the 2011 cybercrime incident that influenced cybersecurity policy worldwide.
SecurID delivers time-synchronized or event-synchronized one-time passwords via physical tokens and software tokens to support secure login to systems like Oracle Database, Microsoft Exchange, VMware ESXi, and remote access services from vendors such as Cisco Systems and Juniper Networks. Enterprises in sectors including Goldman Sachs investment banking, Wells Fargo retail banking, and healthcare systems like Kaiser Permanente adopted SecurID for integration with Active Directory and LDAP directories. The solution competes with other multifactor authentication providers such as Duo Security, Yubico, and Okta, and is often evaluated alongside standards from organizations like the National Institute of Standards and Technology.
SecurID tokens contain a seeded cryptographic algorithm that generates a one-time code at fixed intervals, which users combine with a personal identification number to authenticate to services such as Citrix NetScaler, Amazon Web Services, and Salesforce. The system relies on synchronized clocks and shared secrets managed by RSA Authentication Manager or cloud services hosted by firms like Amazon Web Services and Google Cloud Platform, with integration points for identity providers including Ping Identity and Okta Identity Cloud. Implementation touches protocols and products from RADIUS, SAML, and OAuth 2.0 ecosystems and interoperates with appliances from F5 Networks and Palo Alto Networks for access control. Cryptographic building blocks reference work from figures and institutions like Whitfield Diffie, Martin Hellman, Ronald Rivest, Adi Shamir, and Leonard Adleman in public-key history, while deployment hygiene draws on guidance from NIST Special Publication 800-63.
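The mechanism described above (a shared seed, a clock-driven code, and a PIN), as an added example that is not RSA's code and does not use RSA's own algorithm, which this page does not specify: it substitutes the public RFC 6238 TOTP construction as a stand-in. The 60-second step, 6-digit code, PIN-prepended passcode and the function names are assumptions of this sketch. It also shows why the seed is the critical secret: the code is a pure function of seed and time.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per tokencode (assumed for this sketch)
DIGITS = 6   # displayed digits (assumed)


def tokencode(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP stand-in: HMAC-SHA1 of the time-step counter, truncated."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed, pin, passcode, server_time, drift_steps=1, last_step=-1):
    """Server-side check of PIN + tokencode.

    Returns the accepted time step, or None. The caller stores the returned
    step as last_step so a code cannot be replayed within its interval.
    A real server would hold a salted PIN hash, not the PIN itself.
    """
    user_pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
    if not hmac.compare_digest(user_pin.encode(), pin.encode()):
        return None
    now_step = server_time // STEP
    # Accept codes from adjacent steps to tolerate token clock drift.
    for step in range(now_step - drift_steps, now_step + drift_steps + 1):
        expected = tokencode(seed, step * STEP)
        if step > last_step and hmac.compare_digest(code.encode(), expected.encode()):
            return step
    return None


if __name__ == "__main__":
    seed = b"constructed-demo-seed"   # constructed sample value
    t = 1_700_000_000                 # constructed server time
    slow_token = "4821" + tokencode(seed, t - STEP)  # token clock one step behind
    step = verify(seed, "4821", slow_token, t)
    print("accepted step:", step)
    print("replay:", verify(seed, "4821", slow_token, t, last_step=step))
```

Widening `drift_steps` tolerates more clock skew but also lengthens the period during which an observed code remains usable, which is why the accepted step is recorded and earlier steps are rejected.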
SecurID was initially developed by RSA Security, a company cofounded by Jim Bidzos and originally commercialized in the mid-1980s amid the rise of networked computing environments like those run by IBM mainframes and DEC VAX systems. RSA Security later became associated with EMC Corporation through acquisition activity, which in turn became part of Dell Technologies after a major corporate transaction; subsequent ownership transitions involved private equity and technology consolidations similar to deals by firms such as Silver Lake Partners and Thoma Bravo. The product evolved from physical tokens used by firms like AT&T and Verizon Communications to software tokens and cloud-based offerings adopted by organizations including Adobe Systems and Twitter. Major platform integrations were announced in collaboration with vendors like Microsoft for Active Directory Federation Services and Oracle for enterprise resource planning.
SecurID was central to the high-profile 2011 compromise of RSA Security, which affected customers including Lockheed Martin, Northrop Grumman, and The Home Depot by exposing seed material that reduced token effectiveness and prompted emergency remediation by agencies such as the United States Computer Emergency Readiness Team. The incident spurred analysis and commentary from cybersecurity researchers at institutions like Mandiant and KrebsOnSecurity, and prompted updates to product lines and recommendations from NIST. Other researchers from academic centers including Carnegie Mellon University and Massachusetts Institute of Technology published proofs of concept and attack models against OTP algorithms, while vendors such as Symantec and McAfee published advisories about integration vulnerabilities. The exposure led to litigation involving plaintiffs represented alongside firms such as Skadden, Arps, Slate, Meagher & Flom and regulatory scrutiny by agencies like the Securities and Exchange Commission.
Organizations across finance, defense, healthcare, and education—ranging from Bank of America and Barclays to NATO and Johns Hopkins Hospital—have used SecurID for VPN access, remote desktop gateways, privileged account management with solutions from CyberArk, and federated single sign-on scenarios involving Okta and Microsoft Azure Active Directory. Service providers such as AT&T and Verizon have offered managed authentication using SecurID, while cloud-native platforms like Salesforce and ServiceNow offered connectors to RSA Authentication Manager. Enterprises employed SecurID for compliance with frameworks and regulations such as PCI DSS, HIPAA, and standards enforced by FFIEC guidance.
The RSA compromise and subsequent customer impact prompted class-action lawsuits and regulatory inquiries involving entities like the Securities and Exchange Commission and state attorneys general in the United States. Contractual disputes and procurement reviews occurred with government contractors such as Booz Allen Hamilton and Raytheon Technologies, and procurement agencies in nations including the United Kingdom and Australia reassessed credentialing practices. Privacy regulators and standards bodies such as the European Data Protection Board and NIST evaluated obligations for breach notification, cross-border data transfers, and guidance for multifactor authentication under frameworks like the General Data Protection Regulation.
SecurID received praise from industry analysts at firms such as Gartner and Forrester Research for its enterprise-ready integrations and vendor ecosystem, while critics in publications like The New York Times, Wired, and The Wall Street Journal highlighted single points of failure and the consequences of seed compromise. Security researchers from Stanford University and University of Cambridge questioned the long-term resilience of token-based OTP systems versus modern approaches such as FIDO Alliance standards and biometric authentication promoted by companies like Apple and Google. Debates in trade associations such as ISACA and (ISC)² compare SecurID to emerging zero trust architectures advocated by Forrester and institutional frameworks from NIST.