
No password to paradise

Having employees store their passwords on tiny devices might sound like a godsend. It's more secure than password management software or tokens. Wayne Rash still isn't satisfied.
Written by Wayne Rash, Contributor
I shoved my salad out of the way and leaned over the lunch table to inspect the thing that looked like a purple key fob. Joe Grajewski, president of Mandylion Labs, was showing me his solution to keeping track of passwords. The device, which is intended to be carried on a keychain, has five buttons and a tiny LCD screen. You access your passwords by pressing a secret combination of the device's five buttons, and then scroll through the passwords. It's one solution to the problem of keeping up with passwords in the enterprise environment, which I mentioned a couple of weeks ago in my last column. Since then, I've heard from many readers who say they have solutions to the password management problem--so I decided to check some out.

Grajewski's device, which goes by the melodious name of the ebp Lite, solves two of the problems that give IT managers headaches--keeping up with the list of passwords that people need in order to do their jobs, and keeping those passwords secure. You can't just fiddle with the ebp Lite and find passwords; they sit behind the secret button combination, which is entered much as you enter text on a cell phone keypad. If someone enters the wrong combination too many times, the device will either stop responding or, if you want to be really secure, erase its contents.

It is considerably more secure than the many freeware password managers that keep the password list on your computer, for the simple reason that the passwords never sit on the machine: someone who gains access to your computer gets nothing from the device. In addition, the device can generate strong random passwords and remember them for you, so you no longer have to pick things you can't forget, like Uncle Fred's middle name, as your passwords.
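To make the two claims above concrete (a small secret-combination space that is still hard to brute-force because the device wipes itself after a few wrong entries, and device-generated passwords that are random rather than memorable), here is an added illustrative model in Python. It is not Mandylion's firmware and not code from the column; the combination length, the failure limit, and the class and function names are assumptions chosen for the example.

```python
import hmac
import math
import secrets
import string

# Assumed parameters for this illustration (not the real device's values).
BUTTONS = 5          # the ebp Lite has five buttons
COMBO_LENGTH = 6     # assumed length of the secret button sequence
MAX_FAILURES = 10    # assumed number of wrong entries before the device locks or wipes


class PasswordFob:
    """Hypothetical model of a keychain password device: the stored passwords are
    only returned on the correct button combination, and too many wrong entries
    either lock the device (stop responding) or erase its contents."""

    def __init__(self, combo, max_failures=MAX_FAILURES, erase_on_limit=True):
        if len(combo) != COMBO_LENGTH or any(not 1 <= b <= BUTTONS for b in combo):
            raise ValueError("combo must be %d presses of buttons 1..%d" % (COMBO_LENGTH, BUTTONS))
        self._combo = bytes(combo)
        self._max_failures = max_failures
        self._erase_on_limit = erase_on_limit
        self._failures = 0
        self._vault = {}        # site -> password, reachable only through unlock()
        self.locked = False     # "stops responding" mode
        self.wiped = False      # "erases itself" mode

    def store(self, site, password):
        if self.locked or self.wiped:
            raise RuntimeError("device is locked or erased")
        self._vault[site] = password

    def unlock(self, attempt):
        """Return a copy of the vault on the right combo; otherwise count the failure
        and, at the limit, lock or wipe. Returns None on any failure."""
        if self.locked or self.wiped:
            return None
        # compare_digest runs in time independent of where the first wrong press is,
        # so an attacker learns nothing from timing individual button presses.
        if hmac.compare_digest(bytes(attempt), self._combo):
            self._failures = 0
            return dict(self._vault)
        self._failures += 1
        if self._failures >= self._max_failures:
            if self._erase_on_limit:
                self._vault.clear()
                self.wiped = True
            else:
                self.locked = True
        return None


ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length=16):
    """Device-style password: drawn from the OS CSPRNG, nothing memorable about it."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def password_bits(length=16, alphabet=ALPHABET):
    """Entropy in bits of a uniformly random password of this length and alphabet."""
    return length * math.log2(len(alphabet))


def guess_probability(combo_length=COMBO_LENGTH, max_failures=MAX_FAILURES, buttons=BUTTONS):
    """Chance that a thief who finds the fob guesses the combination before the
    failure limit triggers: attempts allowed divided by the size of the combo space."""
    return max_failures / buttons ** combo_length


if __name__ == "__main__":
    fob = PasswordFob([1, 2, 3, 4, 5, 1])
    fob.store("mail", generate_password())
    print("right combo ->", fob.unlock([1, 2, 3, 4, 5, 1]))
    for _ in range(MAX_FAILURES):
        fob.unlock([5, 5, 5, 5, 5, 5])
    print("after %d wrong entries, wiped=%s" % (MAX_FAILURES, fob.wiped))
    print("guess probability before wipe: %.5f" % guess_probability())
    print("16-char generated password: %.1f bits" % password_bits(16))
```

The point the numbers make: six presses on five buttons is only 15,625 combinations, which a patient thief could run through by hand in a day if nothing stopped them; with a ten-attempt limit the thief gets roughly a 0.06% chance before the device locks or erases, which is why the lockout matters more than the combination length. The generated 16-character password, by contrast, carries about 105 bits of entropy, far beyond anything a person would choose and remember.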

Tokens don't solve the password problem

But no matter how you look at it, this is still a password-only solution. In the flood of e-mails I recently received, I learned a couple of things. First, there is no apparent upper limit to the number of companies that make one or another solution to the password problem, but most of these solutions aren't really very secure. The ebp Lite is an exception to that. The other thing I learned is that a number of IT departments think that you can solve the problems of passwords by using tokens. And, of course, they're wrong.

While the best of the tokens look a lot like Grajewski's device, the rest seem to be either cards with magnetic stripes or smart cards. Both work within their limitations, although mag stripe cards suffer a wide variety of perils, from demagnetizers at music stores to cracking if you put them in your wallet and sit on them. Smart cards are much more secure, and they can hold biometric data and other means of making sure that the person using the card is who they say they are. Both types of card require readers to be useful, and those readers aren't cheap. A few of the tokens, such as Aladdin's eToken, plug directly into a computer's USB port. This doesn't solve the problem of having to remember multiple passwords, but it does ensure that whoever presents the password also holds the token.

The problem is that a token (with a few exceptions) is a lot like your car's ignition key. If someone steals it, he or she can do anything you can do--drive off in your car with your key, or break into your computer with your token. For this reason, most token-based solutions also require passwords. So how do you remember the password that the token requires? Now we're back to that same old password problem again.

Yes, there are ways around the password mess, but most of them are either not very secure, very expensive, or dependent on security infrastructure (such as biometric or token readers) that isn't widespread and is usually expensive.

So it looks like we're stuck with passwords for a while.

Fortunately, there are things you can do. IT managers can standardize on something like Aladdin's eToken for access to company computers. This helps avoid the problem of workers leaving their computers logged on while they're away: if the token is on their keychain, they'll probably take it along. And they can insist on strong passwords once they give their people a way to keep track of them, which is exactly what the ebp Lite does.

Together, these devices make a reasonably priced and considerably more secure means of making the password mess survivable. And you won't have to worry about someone guessing Uncle Fred's middle name any more.
