Windows gets 'strong' passwords as SecurID trials kick off

Microsoft and RSA Security on Wednesday started beta testing a product designed to phase out the use of traditional passwords and replace them with automatically generated passwords from a SecurID token.

SecurID is one of the most popular two-factor authentication systems and is already used by many large enterprises. The token is about the size of a matchbox and generates a new six-digit code every minute.

Users are given an easy-to-remember PIN number to type in alongside the code displayed on the token. With an integrated SecurID system within Windows, enterprises should find easier and cheaper to ensure users do not use weak passwords or forget them.

George Anderson, IT security business development manager at services firm Computacenter, which is one of the participants in the beta trial, said the SecurID and Windows combination is a welcome relief.

"We recognise that password-only security has for some time been inadequate for truly protecting Windows workstations," Anderson said.

The beta test programme is being rolled out to a small number of companies and is expected to last around a month. RSA Security expects the full commercial version to be available in shortly after the trial ends.

Jason Lewis, vice president of product management at RSA Security, said the technology complements RSA's core business, which is to authenticate remote users.

"We've been traditionally focused on security issues outside the firewall and although securing remote access is critical, the RSA SecurID for Microsoft Windows solution addresses a real threat to exposing an organisation's sensitive data within the enterprise," said Lewis.

The integration of SecurID and Windows was first announced at the RSA Security conference in San Francisco earlier this year. At the time, Microsoft's chairman Bill Gates said the development signalled the death of the traditional password.