After RSA breach, are SecurID tokens in jeopardy?

Hacking tools, including one called Cain and Abel, can calculate the token number using the seed record. This is possible because the algorithm SecurID uses was reverse-engineered and posted on the Internet more than 10 years ago.

"I can imagine how this is going to play out when the IT folks at my company find out about this," wrote one commentator on the Slashdot IT blog. "They'll panic, revoke all the SecureID cards, and at the time no more working from home until something much more complicated, unreliable, and probably requiring Windows 7, is found to replace it. "

Andy Kemshall was RSA's fifth employee in Europe when he started with the company 16 years ago. Afterwards working as a pre-sales technical adviser, he left RSA nine years ago to start his own company, SecurEnvoy, which sells a two-factor authentication product that sends one-time passcodes by SMS to a person's mobile phone.

Kemshall, whose product directly competes with RSA, said his phone had not stopped ringing on Friday, with RSA clients asking questions.