It seems there are as many utilities available for cracking passwords now as there are possible passwords. With most security consultants questioning the worth of passwords, a number of vendors have spied an opportunity in the marketplace for products that take password security one step further.
This is the function of SecurID from Security Dynamics, a computer security solution distributed in Australia by Melbourne-based Megatec.
"Often when you hear about security you hear about the problem being reusable passwords, and that is particularly over the Internet and for dial-up," says SecurID product manager Mark Dimech. "The fact that the password doesn't change from attempt to attempt means that somebody can listen in to the line, see the password as it's used, and then dial up a few minutes later and use it again."
The SecurID system provides an alternative based on "two factor" time-synchronous technology, providing would-be users with a one-time- only password. The system involves network-based software and a calculator-like token with a six-digit LCD panel. It displays a six-digit password which is unique to that card and changes every minute, with no code being displayed twice. When trying to access a network with a SecurID hardware or software module the user is prompted for a PIN and the current password, which is synchronised with the server. Apart from securing networks, Dimech says SecurID is now being integrated into devices such as PABXs to control outward bound international calls.
Dimech said that although Megatec initially sold the SecurID products directly, most sales are now done through resellers. "The reason for that is that it tends to need a pretty strong catalyst for organisations to implement this type of security. And those catalysts are generally remote access to the network."
He says that while many organisations see the benefit of these technologies, they feel a need to balance the potential risk they involve. "So we're not likely to come across a customer by luck - it tends to be a case of having a tender out for a dial-up solution, and one of the requirements is security. So you have a reseller who's in there selling his remote access gear, and this is a check box to win that tender."
Dimech says the SecurID line is most suited to resellers who also play a consultative role rather than just a box, but they represent a nice way for resellers to increase the value of a sale.
Tel 1800 806 563 Fax (03) 9873 4288