Thank you, this helps refine my question.
At first glance, if the current vendor of a device that uses the RSA security protocol fails to identify themselves as NOT RSA the corporation, then they are automatically suspect of taking advantage of the confusion that exists, and are thus not trustworthy of providing an actually-secure service.
OTOH websearch says SecurID "an RSA Business" is the corporation's current brand name for hardware token generators, software token generators, and various other methods of delivering "OTP authentication" ... leading me to think the company is yes in the business at this time.
Now I see in browsing history that a bank I use is offering an RSA SecurID device for $25, to provide "an additional layer of security [for] certain transactions and sensitive information ... to further verify your identity when accessing certain accounts or services. SecurID® is a registered trademark of RSA Security, Inc." So this marketing effort is yes properly identified, however this is a bank that I trust the least, among the banks I use.
In general I do yes want this level of 2FA security available from all financial accounts, to avoid the non-security that is inherent in relying on cellphones or email. However the hack-history (of RSA the company's implementation of RSA the protocol, I guess?) made me think twice. Like, if SecurID devices from 2012 were hackable in eighteen minutes back then, how are they better now - is it just stronger tactics via longer key length? Or is it something better because of using a different strategy?
As I understand it, the Rivest-Shamir-Adleman scheme relies on keeping digital secrets "up the chain". But secret numbers can become non-secret, as by leak or brute-force crack. As cracking compute-power increases, key length must increase also, to ensure the compute-time for cracking remains prohibitively long. This is how even 'perfect' encryption-etc algorithms have only a temporary window of usefulness, beyond which they become insecure, by virtue of crack-power having caught up with their key-length. Is this a reasonable way to explain it to people? Not too tech-y and not too long