Passwords alone offer an insufficient defense against advanced computer hackers, according to a UK startup security firm that plans to use one-time tokens to phase out archaic security protocols.
The Cambridge security firm, Signify, which launches this week, claims that only employing passwords to protect a computer network and individual terminals leaves a company vulnerable to computer criminals.
It is possible, argues the firm, to download tools from the Internet that will allow computer passwords to be checked repeatedly, or attacked with "brute-force". According to Signify, there is just as much danger of someone breaking a password by chance, finding it written down or looking over someone's shoulder.
Security by algorithm
Signify's Keyfob Tokens generate a one-time pin number according to a mathematical algorithm. This means that even if someone looks over a user's shoulder he or she won't be able to re-use the pin. Signify hopes the solution will especially appeal to companies looking to protect mobile workers who log remotely onto a company network.
A recent study from research firm Gartner indicates that for small and medium firms the prospect of being hacked is growing.
"User identification and authentication should be the cornerstone of any security infrastructure," said chief executive of Signify, John Stewart in a statement. "There are so many stories in the media about lax security it's about time companies stopped spending large amounts on high-profile technology solutions and went back to basics."