Every small company matures in its approach to security. If lucky, you mature because you realize the value of better security as you grow. If unlucky, you jump deep into the security world because of an intrusion and expensive (time and money) cleanup.
CryptoCard's mantra during the Network World Small Business Technology Tour, which I hosted, is to eliminate static passwords. Early in its presentation, it debunked many of the security myths small and midsized businesses believe, such as the idea that static passwords are "free" and secure. Neither is true.
At first blush, passwords are free. Any network server - Microsoft or Linux or Novell or Sun or whatever - offers usernames and passwords as part of its default package. You don't pay extra for the ability to assign and use passwords. However, you will pay dearly if you trust them.
One of two things happens with users and static passwords: They write them down (compromising security) or they forget them and require support to reassign them (costing money). You can't blame users, because most people have five to 15 passwords and/or numbers to remember. But how do you know whether a remote user trying to get access to your network is an employee or a hacker?
CryptoCard works on the idea of two-factor authentication. It likes to reference the bank ATM card everyone carries. The two factors are something you have (the card) and something you know (the PIN).
A variety of CryptoCard products take the place of the ATM card, including Smart Cards, USB drives, key fobs with small screens, and even software tokens for some PDAs. These products generate a single-use password that provides guaranteed authentication to the protected network resources.
The thing you have (CryptoCard client product) and the thing you know (a PIN for the CryptoCard client product) create a single-use password that proves who you are. You remember those old Army movies where a sentry asks, "Halt, who goes there?" With CryptoCard, the sentry knows, absolutely, that you go there.
In fact, some of the most interesting applications for CryptoCards have nothing to do with computer networks. One of their Technology Tour case studies, the Lower Colorado River Authority, uses CryptoCard to speed maintenance of power plants. To work on part of the generation equipment or transmission grid, power must be shut off to that section. In the past, workers had to go to the point of repair, get information and tag the work to be done, then carry the red tag back to the office to authorize turning power off. When finished, they reversed the process to get power turned back on again.