Skip to content Skip to navigation Skip to footer

RSA SecurID Definition

Two-factor authentication (2FA) and multi-factor authentication (MFA) work. Here are some proof: 

  1. When MFA became mandatory for millions of Google users in 2021, Google saw a 50% decline in account compromise
  2. Microsoft claims that MFA blocks almost 100% of automated attacks

MFA is an Identity and Access Management (IAM) strategy that protects network resources from unauthorized access. RSA SecurID is a suite of solutions that includes MFA and much more. 

So what exactly is RSA SecurID, how does it work, and what type of security does it provide? What vulnerabilities, if any, should users know about?

What Is RSA SecurID: RSA SecurID Overview

Created by RSA Data Security, RSA SecurID is an MFA technology designed to increase security for network resources and help organizations maintain compliance. It combines password or PIN authentication with hardware authentication in the form of a physical token.

Is RSA secure? Many feel so because RSA SecurID offers more than just MFA. It has a whole suite of IAM features, including user access and role management, centralized control, and user monitoring.

Are RSA and SecurID the Same?

What used to be two products are now married into one suite of solutions. Formerly, RSA—or RSA Authentication Manager—handled authentication requests and policy administration. SecurID used three components to protect network resources: tokens, agents, and a virtual or physical server. RSA SecurID now offers all of this protection under one roof.

How Does RSA SecurID Work?

RSA SecurID is technically two-factor authentication, but it uses three layers of security:

  1. Something known by the user: This is a PIN or password only known by the user. A user is first prompted for their PIN or password when they access network resources. 
  2. Something held by the user: This is a physical token, badge, or one-time password (OTP). The token provides a code that is combined with the PIN or password. The RSA authentication agent intercepts these for validation.
  3. Something unique to the user: You can add an extra layer of security by using biometrics, facial recognition, or fingerprint readers.

RSA SecurID offers a broad range of MFA options, including biometrics (fingerprint and eye print), email codes, Fast IDentity Online (FIDO)-based authentication, hardware tokens, mobile push authentication, proximity-based authentication, risk-based authentication, SMS codes, soft tokens, and voice-activated authentication. As an IAM technology, RSA SecurID does more than just grant access; it also determines the level of access to data and applications granted to each user.

Common RSA SecurID Vulnerabilities

No technology is 100% secure, so often, layered security that combines multiple techniques is best. Although few, RSA SecurID has certain vulnerabilities, and knowing what they are can help your security team minimize risk.

  1. Stolen hardware tokens: If a perpetrator successfully steals a token, card, or badge, they will have access to one of the two steps for authentication. 
  2. Stolen software tokens: Just like passwords and PINs, codes can be hacked. If a hacker accesses the code and the password or PIN, 2FA becomes useless as a security measure. An example was the attack on MeetMindful.com in 2021 that compromised Facebook authentication tokens. This is why many professionals recommend biometrics as a third security layer. 
  3. Stolen credentials: Reusing stolen credentials makes up about 80% of all hacking incidents. An example is the massive compromise of eBay credentials in 2014. A big part of risk monitoring and mitigation is ensuring password security, and an important feature of RSA SecurID is password management.
  4. Man-in-the-middle (MITM) attacks: RSA SecurID cannot repel all MITM attacks, but it protects against password replay attacks. Password replay occurs when a malicious actor intercepts a session that they then resend or delay to get the recipient to do their bidding. Other types of MITM attacks—like Internet Protocol (IP) spoofing, Hypertext Transfer Protocol Secure (HTTPS) spoofing, Domain Name System (DNS) spoofing, and so forth—are not always repelled. If a malicious party intercepts communication between a user and the network, they can gather enough information to impersonate a user and gain authorized access. An example is the breach of Equifax in 2017.

10 Functionalities of RSA SecurID

RSA SecurID provides layers of security across all network levels, from user to hardware to the cloud. It is an all-in-one suite of solutions that manages access based on risk assessment, MFA, identity governance, security policy management, threat intelligence, identity insights, and user lifecycle management. The IAM features it supports include:

1. Access Request Management

When employees request access to a resource, RSA SecurID views and manages the request. It determines whether access should be granted and at what level.

2. Account Management

RSA SecurID manages user accounts across an organization. This is particularly necessary because of employee turnover, changes in user access and permissions, and new talent onboarding.

3. API Access Management

RSA SecurID ensures authenticated users can access application programming interfaces (APIs). It determines user access to applications, frameworks, software, and management tools. 

4. Compliance Management

RSA SecurID assesses risks, ensures policy compliance, and verifies that users follow secure policies, procedures, and processes. RSA SecurID also ensures organizations are legally compliant, especially regarding third-party access and data privacy.

5. Multi-factor Authentication (MFA)

Through a password or PIN and a hardware token, RSA SecurID provides two-factor authentication for users. A third layer, such as biometrics or other unique user features, can be added to further strengthen security. 

6. Passwordless Login

RSA SecurID offers passwordless login, a login based on a physical token, biometrics, or FIDO-based authentication. One of the benefits is that a user can be authenticated even without a network connection—meaning, even offline work is secured.

7. Password Management

RSA SecurID’s password management feature enables IT admins to authenticate, manage, and even reset passwords. This mitigates breaches by reducing the response time to malicious entities' attempts to access your system in case a password is stolen or compromised.

8. Role Management

RSA SecurID regulates user access according to permissions and access levels contained in a directory. As user access changes or employees leave or are hired, role management ensures user access will continue to be seamless and secure.

9. Single Sign-On (SSO)

SSO unifies user access and permission under a single set of credentials. It simplifies access to the network, the cloud, and applications while maintaining security and privacy. It streamlines user sign-in, enhancing productivity and efficiency. For example, if you are logged in to Gmail, you have instant access to other applications under the Google umbrella, such as YouTube and Google Docs.

10. User Activity Monitoring

RSA SecurID monitors and records user activity for administrative and security purposes. This streamlines risk assessment and incident investigation and protects network resources from unseen threats.

RSA SecurID vs. SSO vs. RSA Authentication Manager

RSA SecurID is the solution suite offered by RSA Data Security. RSA Authentication Manager is the management component, and it:

  1. Verifies authentication requests
  2. Administers authentication policies
  3. Provides a web-based console for system administration and token management
  4. Provides logging and reporting capabilities for compliance

SecurID is the server component and includes:

  1. Authenticators, including software and hardware tokens
  2. Agents, which protect network resources by requiring MFA
  3. An Authentication Manager server, whether as hardware or a virtual machine

Pros of RSA SecurID Solutions Suite

  1. Ease of integration
  2. Secure MFA
  3. User access and role management
  4. Reduced risk of system compromise

Cons of RSA SecurID Solutions Suite

  1. Vulnerability to token or code theft and some MITM attacks

SSO, however, is a product from a different provider. An authentication and user authorization solution by BuzzFeed, it provides users with a single set of credentials for access to the network and various applications.

Pros of SSO

  1. Streamlined user access
  2. Unified password
  3. Ease of integration

Cons of SSO

  1. Using a single password formultiple logins can be risky
  2. SSO failure cuts system access
  3. It is vulnerable to identity spoofing

Designed for enterprise use at scale, RSA SecurID can handle millions of users from countless access points.

How Fortinet Can Help?

To help protect organizations from account or password compromise, Fortinet offers FortiToken Cloud, which simplifies and centralizes the management of two-factor authentication tokens in a FortiGate or FortiAuthenticator environment. It offers:

  1. Centralized two-factor management
  2. Simplified deployment
  3. Stackable subscriptions

Since FortiToken Cloud is a cloud service, its intuitive dashboard can be accessed from anywhere as long as you have an internet connection. It can be easily deployed at scale, making it a smart choice for organizations of all sizes.

FAQs

What is RSA SecurID?

Created by RSA Data Security, RSA SecurID is a multi-factor authentication (MFA) solution designed to increase security for network resources and help organizations maintain compliance. It combines password or PIN authentication with hardware authentication in the form of a physical token.