ReadWriteEnterprise

The cloud is huge. Client access devices are small, and they're everywhere. Personal computers are virtual. Access to all of these resources is continual. Control over the world's single most precious information resource - identity - has become a jump ball.

Next week, ReadWriteWeb will be covering the annual RSA security conference in San Francisco. I never attend a conference without an agenda, and no, I'm not talking about the pamphlet and the floor plan. There's an agenda all my own, and it's based on the subject matter that I've discovered you want to know more about.

It's only a few weeks now before the annual security conference that bears the initials of the first commercial implementers of cryptographic security outside the government security sector. Just in time for RSA, a team of researchers based in Switzerland say they have uncovered evidence of a new flaw in the way public keys are generated using the RSA algorithm. Those researchers include a certain, notable Dutch professor who used to make hacker headlines of his own back in the day.

Although the Swiss team's conclusions are being questioned by some respected names, their data indicates one more reason why commonly used implementations of SSL encryption may be prone to failure, and should perhaps not be trusted at all.

By now the use of phones as the second factor in a security solution is well known and there are any number of vendors operating in this space. Even Google and Facebook have added this to their services, as we wrote about earlier this summer.

The recent security breach at Citibank, coupled with even RSA hiring what may be its first Chief Security Officer Edward Schwartz, point out that you can never be too paranoid about your personal and corporate data security. RSA was in the news earlier this year for an attach on its SecurID two-factor tokens, something that had been considered the ultimate in enterprise security.

It might be time to take another look at two-factor authentication, and see if it makes sense to implement this in your organization. Here are three basic steps to get started:

RSA had a major breach this week. Attackers stole information for 40 million two-factor authentication accounts.

That's a huge breach. And the ones affected most may be IT administrators, who in turn, run the security for countless enterprise and cloud-based services in the public and private sector. The ramifications are considerable. This attack means that hundreds if not millions of people could be affected if IT administrator accounts now get hacked.