Information Security News mailing list archives

Low-tech solution to password problem


From: InfoSec News <isn () c4i org>
Date: Fri, 31 May 2002 07:09:40 -0500 (CDT)

http://news.bbc.co.uk/hi/english/sci/tech/newsid_2006000/2006940.stm

[You have to click the URL above to see the mock-up of the card; on 
the surface it appears to look more like the old SKey cards I used to 
use to log into a few networks. I'm more amazed that it caught the 
attention of the BBC as being a solution to the age-old password 
problem plaguing networks today. - WK]
 

Thursday, 30 May, 2002

A British inventor has come up with a low-tech answer to the problem
of having a secure password.

Martin Wren-Hilton has designed a simple card that could be issued to
employees as a second line of defence against hackers.

The card resembles a pre-paid top-up voucher for mobile phones and has
a list of words and numbers.

When a user logs on to their PC, the system recognises them as a
cardholder and asks them to enter the number that corresponds to one
of the words.

Low-tech answer

Each card is unique. But if it is mislaid, it is of no use to a
potential hacker because the information only works in conjunction
with a user's password.

"There is a need for something beyond a simple password and this is a
low-cost and low-tech solution," Mr Wren-Hilton told BBC News Online.

"There are lots of nerdy ideas about smart cards and other systems but
generally they cost a lot of money and would only be necessary for
people who need a high level of authentication for their jobs," he
said.

"This card could be the solution for the rest of us."

Mr Wren-Hilton has filed an international patent on the idea and has
already been approached by companies which offer authentication
services.

Experts unimpressed

Marketing director for security firm RSA is not convinced it is a new
idea.

"It is not an uncommon way of authentication and internet banks in
Germany offer a similar system," he said.

"It sounds like a reasonable system for high volumes of users who need
relatively low-level authentication. A lot will depend on how secure
the back-end system is," he said.

Research fellow at the London School of Economics Peter Sommer is not
particularly impressed.

"There are loads of these ideas and many aren't that well thought
out," he said.

"Any system that relies on a third person has problems and I can't see
any great benefit to the individual with such a system."



-
ISN is currently hosted by Attrition.org
