Here is a pet-peeve of mine with RSA: they seem unable to use a simple revocation system for their conference badges. This has led to increasing fees for lost badges, over the years, and I just received a notice that shows they have really lost it:

Treat your badge like a prized possession- replacing it will cost $1895, the price of Full Conference registration!

How can a security company that specializes in tokens and identity management be forced to resort to huge fees as a disincentive/control? A simple revocation system would make the lost badge invalid and a nominal fee for the cost of replacement seems reasonable. Charging the price of full and late registration just says “hello, we don’t have any security to stop lost/stolen badges”.

And that’s not even to go into the whole mess of what people might do now if they see a badge on the floor, or hanging precariously from someone’s pocket. How many “prized possessions” do you wear that are worth almost $2000K?! It’s no longer a useless piece of identification but a form of currency that you hang boldly around your neck. Imagine a call to the San Jose police where you report a mugging or felony-theft of your *ahem* conference badge.

This is just nuts (even if the badges are not controlled by RSA). I simply can not imagine how RSA sees this as a positive development for their branding. Here’s a hint of a better way: include the cost of an RSA fob for the full conference attendees and charge them a fob cost for replacement. This has the obvious advantage of not only being safer and more secure, but it could lead to test feedback and perhaps even fob innovation.