For DataPipe, a privately held Web hosting and IT outsourcing company, the threats of cybertheft and hacker attacks are more than just a concern–they represent major potential liabilities. The computer servers at the Hoboken, N.J.-based company traffic in huge amounts of private data from corporate clients–everything from e-commerce transactions to medical records. A single server may host Web pages or e-mail for several companies, so a wily hacker could compromise several clients in one shot.

While DataPipe uses several layers of security to guard against intruders, the one that it considers among its most effective involves two-factor authentication, which requires a second passcode or device, in addition to a more conventional secret personal identification number (PIN), to allow a user onto a system.

At DataPipe, whenever an employee tries to enter a secure server, the system requires the use of a physical token, a small plastic device with a screen display that flashes a password or code needed to enter. But unlike standard ATM cards, the tokens–supplied by Secure Computing Corp.–flash a new password every time they're used, making it much harder for an outside attacker to crack the code. "We want the highest level of security we could possibly have at a reasonable cost," says Joel Friedman, DataPipe's chief security officer. "With a one-time password, every time [a hacker] takes a guess, it's changed again. It's like a moving target. You can't exhaust the combinations because they keep changing."