Re: They have Software Tokens?
"Kind of, kind of"
>>like a locksmith who sells you a lock and, when it's compromised, says "oh, everyone knows those aren't secure"
It's more like the locksmith saying, "You let someone have your keys for a couple of hours?" and then saying, "OK, I might have implied that the keys couldn't be copied, but don't let my sales patter get in the way of your commn sense".
Any system is only as strong as it's weakest link, RSA tokens in a two factor scheme is unlikely to be the weakest link, but now it's a little weaker, whereas before a social engineering hack to get software on or physical access to the RSA server wouldn't give you anything, now it does, regardless of the fact that the same software or physical access to a targetted system could get you more.