On March 17, 2011, RSA, a division of EMC Corp., announced that it had experienced an attack on its computer systems relating to its SecurID two-factor authentication products. Due to the security vulnerabilities with existing RSA SecurID tokens currently in use at the University, Penn State has decided to replace centrally managed RSA SecurID tokens with VASCO tokens.
Information Technology Services has been in touch with access and security representatives (ASRs) regarding the process for the replacement of RSA SecurID tokens and the distribution of VASCO tokens. Those who are in possession of an RSA SecurID token should be hearing from their ASRs shortly regarding the replacement process, including instructions and a time frame for replacement.
Please be aware that this recall only affects RSA SecurID tokens, and not VASCO tokens. The RSA SecurID token is a rounded rectangular shape with red and blue stripes, while the VASCO tokens are oval and solid blue. Pictures of both tokens, along with information regarding their use at Penn State may be viewed at http://ais.its.psu.edu/support/access/auth_tokens.asp.
Penn State units who manage their own implementations of RSA tokens are strongly encouraged to replace those as well. Those units can contact the Security Operations and Services office for more information and assistance, at security@psu.edu or 814-863-9533.