An impressive claim Duo made at the competition is that its clients credentials are more secure than RSA's. "Even if we were to be breached," CEO Song said, "There'd be no way to for an attacker to go and impersonate all the clients, all the end users, because they don't have the private key that's actually on the user's phone." The technology uses a patented system that combines public and private encryption and prevents sharing secrets, he said.
The claim was in response to the judge's question about the widely reported heist on RSA's data centers last March. RSA reported the breach cost $66 million in restitution to clients. For the firms using RSA's two-factor authentication technology, it was a mess to clean up. For example, CRN.com reported that, "... Lockheed [Martin] had to shut down its computer systems and reissue tokens to many of its employees, while requiring a password reset for its 120,000 workers."