Companies are deluding themselves if they spend a fortune on technology and then rely on simple password protection to keep the hackers out, according to Cambridge online security start-up Signify.
"Relying on passwords to know who you are dealing with is like building on a foundation of sand," said Signify's chief executive John Stewart. "It's about time companies stopped spending large amounts on high-profile technologies and went back to basics."
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Graham Titterington, a senior consultant at Ovum, agreed that user-selected passwords are unsatisfactory, "Just by compiling a dictionary of forenames and place names, 40% of all passwords would be covered without having to resort to hacking programs."
Signify is offering an internet-based authentication server based on RSA's SecurID number-generating key fobs.
A built-in timer generates a new Pin number every minute and, after a personal password is entered, the user is then asked for the current number displayed on their fob and this is checked by a synchronised authorisation server.
By directing their security checks to an internet-based authentication server, Signify's customers can save on set-up, management and support of SecurID, Stewart said. It also means that, by setting up all internal and external services on the server, the user needs only one fob not a separate fob for each.