Companies are deluding themselves if they spend a fortune on technology and then rely on simple password protection to keep the hackers out, according to Cambridge online security start-up Signify.
"Relying on passwords to know who you are dealing with is like building on a foundation of sand," said Signify's chief executive John Stewart. "It's about time companies stopped spending large amounts on high-profile technologies and went back to basics."
Graham Titterington, a senior consultant at Ovum, agreed that user-selected passwords are unsatisfactory: "Just by compiling a dictionary of forenames and place names, 40% of all passwords would be covered without having to resort to hacking programs."
Signify is offering an internet-based authentication server based on RSA's SecurID number-generating key fobs.
A built-in timer generates a new Pin number every minute. After entering a personal password, the user is asked for the number currently displayed on their fob, and this is checked by a synchronised authorisation server.
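The server-side check described above can be sketched as follows. This is an added example, not Signify's or RSA's code: it uses the openly specified HOTP/TOTP construction (RFC 4226 and RFC 6238) in place of SecurID's own algorithm, which the article does not describe. The six-digit code length, the one-interval drift allowance, and all names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60     # seconds per code, matching the one-minute fob interval
DIGITS = 6    # assumed code length
DRIFT = 1     # assumed tolerance: one interval of clock drift either side


def code_at(seed: bytes, counter: int) -> str:
    """RFC 4226 HOTP value for one time-step counter."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TokenVerifier:
    """Server side: one shared seed per fob, plus replay tracking."""

    def __init__(self, seeds: dict[str, bytes]):
        self.seeds = seeds
        self.last_used: dict[str, int] = {}   # user -> last accepted counter

    def verify(self, user: str, code: str, now: float) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        current = int(now) // STEP
        # Accept the current interval and its neighbours to absorb clock drift.
        for counter in range(max(0, current - DRIFT), current + DRIFT + 1):
            if counter <= self.last_used.get(user, -1):
                continue   # interval already consumed: a captured code cannot be replayed
            expected = code_at(seed, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used[user] = counter
                return True
        return False


# Constructed sample data: the seed is the RFC 4226 test key, the user is made up.
SEED = b"12345678901234567890"

if __name__ == "__main__":
    verifier = TokenVerifier({"alice": SEED})
    print(verifier.verify("alice", code_at(SEED, 1), now=90))   # first use
    print(verifier.verify("alice", code_at(SEED, 1), now=95))   # replayed code
```

Because the server records the last accepted interval per user, a code that is observed in transit stops working as soon as the legitimate login succeeds, which is the property a static password lacks.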
By directing their security checks to an internet-based authentication server, Signify's customers can save on set-up, management and support of SecurID, Stewart said. It also means that, by setting up all internal and external services on the server, the user needs only one fob, not a separate fob for each.