Companies are deluding themselves if they spend a fortune on
technology and then rely on simple password protection to keep the
hackers out, according to Cambridge online security start-up
Signify.
"Relying on passwords to know who you are dealing with is like
building on a foundation of sand," said Signify's chief executive
John Stewart. "It's about time companies stopped spending large
amounts on high-profile technologies and went back to basics."
Graham Titterington, a senior consultant at Ovum, agreed that
user-selected passwords are unsatisfactory. "Just by compiling a
dictionary of forenames and place names, 40% of all passwords would
be covered without having to resort to hacking programs."
Signify is offering an internet-based authentication server
based on RSA's SecurID number-generating key fobs.
A timer built into the fob generates a new Pin number every minute.
After entering a personal password, the user is asked for the
number currently displayed on their fob, which is then checked by a
synchronised authorisation server.
By directing their security checks to an internet-based
authentication server, Signify's customers can save on set-up,
management and support of SecurID, Stewart said. It also means
that, by setting up all internal and external services on the
server, the user needs only one fob, not a separate fob for
each.
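
The password-then-fob check described above, as an added sketch that is not Signify's or RSA's code. SecurID's algorithm is not given in the article, so an RFC 6238-style HMAC time code stands in for it; the names `fob_code` and `AuthServer`, the six-digit length and the one-step drift window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60   # seconds; the article says the fob shows a new number every minute
DIGITS = 6  # assumption: the display length is not stated in the article


def fob_code(seed: bytes, now: float) -> str:
    """Number shown on the fob at time `now` (RFC 4226 truncation of a time counter)."""
    counter = struct.pack(">Q", int(now // STEP))
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Hypothetical server: checks the password first, then the fob number."""

    def __init__(self, drift_steps: int = 1):
        self.users = {}           # name -> (salt, password_hash, seed)
        self.last_step = {}       # name -> last accepted time step (replay guard)
        self.drift = drift_steps  # tolerated clock drift between fob and server

    def enrol(self, name, password, seed, salt):
        pw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[name] = (salt, pw, seed)

    def login(self, name, password, code, now):
        if name not in self.users:
            return False
        salt, pw, seed = self.users[name]
        given = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(given, pw):
            return False
        current = int(now // STEP)
        for step in range(current - self.drift, current + self.drift + 1):
            if step <= self.last_step.get(name, -1):
                continue  # this number (or a later one) was already accepted
            if hmac.compare_digest(fob_code(seed, step * STEP), code):
                self.last_step[name] = step
                return True
        return False
```

Because the server remembers the last accepted time step, a number that has been observed and replayed within the same minute is rejected even when the password is correct.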