sCrib ensures password resets are a thing of the past
The problem of using the same weak password repeatedly was highlighted when users had their personal data stolen from Sony’s PlayStation network earlier this year. Every month, hundreds of thousands of people are affected by similar incidents. To tackle the problem, Smart Architects have created sCrib, a small device which plugs into a USB port and stores twelve cryptographically-secure passwords. It is easy to use, improving convenience at the same time as increasing security.
Earlier this year, Cambridge-based Smart Architects was a UK finalist in the Global Security Challenge, a competition to find the world’s most innovative security startups and SMEs. Founder Dr Dan Cvrcek says:
“sCrib means you don’t have to make a compromise between the security of your passwords and your ability to remember them. When you buy our first model of sCrib you can use it to generate twelve passwords of up to 20 characters. You then change twelve of your current passwords for the ones generated by the sCrib. It doesn’t need special software; just plug it in to any computer to access your passwords when you need them. These passwords have the equivalent strength to cryptographic keys used by banks.
“The computer systems in many offices are designed so each worker has to change their password regularly. This heightens security but increases the danger of forgotten passwords. Various studies show that 1 to 10% of users need to reset their passwords every month. With each password reset costing the company up to $70, this is a significant financial burden. Forgotten passwords can be a particular problem if you’re logging in remotely from abroad when the time difference can mean there’s nobody on the IT desk back home.”
The sCrib has four buttons: ‘@’, ‘£’, ‘I’ and ‘*’. Each of these stores three passwords, and having the symbols helps the user to remember what each password is for. The password can be used with the press of one of these buttons rather than being typed. On top of that, a sCrib’s unique algorithm protects passwords against viruses and keylogging, where the action of pressing a key is tracked.
If an sCrib is lost this doesn’t allow anyone else access to the passwords because each password is not accompanied by information about what it is for. To increase security further it is possible to add a typed PIN to important passwords: a few digits or letters which users type before they press a button on the sCrib. This is an instant two-factor authentication.
Dan, who researched security systems with the Cambridge University Computer Laboratory and worked as a cryptography expert at Deloitte, developed the sCrib so that it would be practical for businesses to adopt. He says: “Current systems are expensive and complex to use. The sCrib makes people’s online lives easier.”
Written by Rachel Holdsworth