 If you've got one of these, chances are, you're screwed. Seems as though RSA got breached like a bitch. Well, I know what you're thinking, dump RSA and let's get another token in place. Let's not jump to conclusions, Hader. In order to get some magic number, they need the serial code on the back of your token. Then they need your username, your password, VPN address of your company, if they implemented a PIN, that too. And what they're gonna do when they get in, just find out that you send emails to the girl in HR all day. So, what do we do about this? First off, don't panic. You've still got your one-factor authentication, your username and password. That's good enough for Facebook, it should be good enough for your company. Second up, don't do biometrics. People are gonna try and come to you and say, biometrics are the way of the future. These two FA tokens aren't good enough. Absolute crap. I've been doing some digging around and respected security expert, Wim Reims, has come up with the ultimate solution. RSA should pair up with Apple and design a bumper that goes around your RSA secure ID token, therefore covering up the serial number. Until next time.