Quote:
Originally Posted by Dolby
Plus if you have a keylogger on your system once you enter in enough codes they can figure out the key to your authenticator, remove the authenticator from your account using the key and set a password of their choice.
|
They don't even need to see enough codes via a keylogger. The recent penetration of Lockheed came about from an earlier penetration this spring at RSA that compromised the SecureID hardware tokens. To resecure the system, RSA had to reissue every token based on their SecureID system.