Security firm gets rid of passwords

Cambridge firm hopes password will soon be passe at high-tech firms

Passwords alone offer an insufficient defence against advanced computer hackers, according to a UK startup security firm which plans to use one-time tokens to phase out archaic security protocols.

The Cambridge security firm, Signify, which launches this week claims that only employing passwords to protect a computer network and individual terminals leaves a company vulnerable to computer criminals. It is possible, argues the firm, to download tools from the Internet that will allow computer passwords to be checked repeatedly, or attacked with "brute-force". According to Signify, there is just as much danger of someone breaking a password by chance, finding it written down or looking over someone's shoulder.

Signify's Keyfob Tokens generate a one-time pin number according to a mathematical algorithm. This means that even if someone looks over a user's shoulder they won't be able to re-use the pin. Signify hopes the solution will especially appeal to companies looking to protect mobile workers who log remotely onto a company network.

A recent study from research firm Gartner indicates that for small and medium firms the prospect of being hacked is growing.

"User identification and authentication should be the cornerstone of any security infrastructure," says chief executive of Signify, John Stewart in a statement. "There are so many stories in the media about lax security it's about time companies stopped spending large amounts on high-profile technology solutions and went back to basics."

Take me to Hackers

To have your say online click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.