Guidance for Organizations Concerned With the Vulnerability of Authentication Tokens