RSA (Rivest Shamir Adelman) SecureID two factor authentication is a method for providing a user with access to a network developed by a division of EMC. The user receives a token or dongle that generates a six digit number every 60 seconds. The number is created from an algorithm and a seed record which is a 128 bit number. The random number generated by the token may also be delivered to a user via email or text message. The user has to both enter the randomly generated six digit number and a password to gain access to network, during the time period the random is displayed on the token.

Some systems used to allow a user to enter a special PIN in the event they were forced to access a network. Use of the special PIN would deactivate the account.

Most RSA devices are configured so that a server can recognize not only the number currently displayed by the token but also one generated by the token either one minute before or one minute after. If 'token drift' occurs - the device malfunctions and generates the a number too slowly, a receiving server should be able to detect this and adjust for it. If user enters a number displayed within 10 minutes of the current time, he or she may be challenged by the server to enter a second token number, that which is displayed immediately after the challenge is received.

Some RSA tokens will have a USB connection in order to store a certificate.