[ISN] Low-tech solution to password problem

From: InfoSec News (isnat_private)
Date: Fri May 31 2002 - 05:09:40 PDT

    http://news.bbc.co.uk/hi/english/sci/tech/newsid_2006000/2006940.stm
    
    [You have to click the URL above to see the mock-up of the card. On
    the surface it appears to look more like the old SKey cards I used to
    use to log into a few networks. I'm more amazed that it caught the
    attention of the BBC as being a solution to the age-old password
    problem plaguing networks today.  - WK]
     
    
    Thursday, 30 May, 2002
    
    A British inventor has come up with a low-tech answer to the problem
    of having a secure password.
    
    Martin Wren-Hilton has designed a simple card that could be issued to
    employees as a second line of defence against hackers.
    
    The card resembles a pre-paid top-up voucher for mobile phones and has
    a list of words and numbers.
    
    When a user logs on to their PC, the system recognises them as a
    cardholder and asks them to enter the number that corresponds to one
    of the words.
    
    Low-tech answer
    
    Each card is unique. But if it is mislaid, it is of no use to a
    potential hacker because the information only works in conjunction
    with a user's password.
    
    "There is a need for something beyond a simple password and this is a
    low-cost and low-tech solution," Mr Wren-Hilton told BBC News Online.
    
    "There are lots of nerdy ideas about smart cards and other systems but
    generally they cost a lot of money and would only be necessary for
    people who need a high level of authentication for their jobs," he
    said.
    
    "This card could be the solution for the rest of us."
    
    Mr Wren-Hilton has filed an international patent on the idea and has
    already been approached by companies which offer authentication
    services.
    
    Experts unimpressed
    
    Marketing director for security firm RSA is not convinced it is a new
    idea.
    
    "It is not an uncommon way of authentication and internet banks in
    Germany offer a similar system," he said.
    
    "It sounds like a reasonable system for high volumes of users who need
    relatively low-level authentication. A lot will depend on how secure
    the back-end system is," he said.
    
    Research fellow at the London School of Economics Peter Sommer is not
    particularly impressed.
    
    "There are loads of these ideas and many aren't that well thought
    out," he said.
    
    "Any system that relies on a third person has problems and I can't see
    any great benefit to the individual with such a system."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri May 31 2002 - 08:09:00 PDT