
Devices like this are basically TOTP reified. I mean, they aren't literally the TOTP protocol, the technology is different, but it's a secret value (baked into the device) which is combined with a clock and a decent hash to produce predictable values over time. A kilt is a skirt; my sister isn't wearing a kilt, but if you haven't seen any other skirts then "It's basically a kilt" is a pretty fair description.

RSA is embarrassing because they kept the fucking secret values. As a result it was strictly worse than just getting whatever cheap knock-off you can purchase. I believe their rationale was that if they keep these values, when a customer inevitably goes "Oh, oops, we lost the values" instead of "Too bad, now you own useless bricks, buy more" you can "help" them by providing the secret values again. But that ought to be the very stupidest idea from a security company, if only there weren't so many other embarrassing stories.

In 2011 they suffered "an extremely sophisticated cyber attack" aka basic phishing, and bad guys are assumed to have stolen the complete database. So, that's not great.
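The "secret combined with a clock and a hash" mechanism the comment describes is exactly what RFC 6238 TOTP does on top of RFC 4226 HOTP. The code below is an added illustration, not something from the comment or from RSA; it implements standard HOTP/TOTP with the standard library only, and the seed `b"12345678901234567890"` is the published RFC test-vector seed, used here only so the outputs can be checked against the RFCs. The point worth seeing in code is that the server side needs nothing but the seed and the time to reproduce every code the token will ever show, which is why a store of seeds (the thing RSA kept and lost) is equivalent to every token it covers and must be treated, and rotated after compromise, accordingly.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC(secret, counter) -> dynamic truncation -> decimal code."""
    msg = struct.pack(">Q", counter)  # 8-byte big-endian counter
    mac = hmac.new(secret, msg, digestmod).digest()
    offset = mac[-1] & 0x0F  # low nibble of last byte picks a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, t0: int = 0) -> str:
    """RFC 6238 TOTP: the counter is simply the number of time steps since t0."""
    return hotp(secret, (unix_time - t0) // step, digits)


def verify(secret: bytes, candidate: str, unix_time: int, step: int = 30,
           digits: int = 6, window: int = 1) -> bool:
    """Server-side check that tolerates +/- `window` steps of clock drift.

    Uses a constant-time comparison so timing does not leak how many leading
    digits of the candidate were right.
    """
    counter = unix_time // step
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return True
    return False


# RFC 4226 / RFC 6238 test-vector seed (ASCII "12345678901234567890").
# A real deployment seed is a random per-token value; this one is public
# precisely so the RFC outputs above can be reproduced.
RFC_SEED = b"12345678901234567890"

if __name__ == "__main__":
    # Anyone holding the seed computes the same codes the token displays:
    print("HOTP counter 0:", hotp(RFC_SEED, 0))          # 755224 per RFC 4226
    print("TOTP at t=59  :", totp(RFC_SEED, 59))         # 287082 (8-digit: 94287082)
    print("verify drift  :", verify(RFC_SEED, totp(RFC_SEED, 59), 59 + 30))
```

Every value printed here is taken from the RFC appendices, so a second implementation can be checked against it. The `verify` window is the practical trade-off: wide enough to absorb the drift of a cheap oscillator in a hardware token, narrow enough that an old code stops working within a minute or so.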


