Chorley Council in Lancashire has become the latest council to buy SecurEnvoy’s tokenless two-factor authentication system for remote access to after encountering a range of practical and security problems in its longstanding hardware tokens.
Issues with the unnamed implementation, first installed in 2006, included the loss and damage of tokens, which generated replacement costs and added to management overheads, the Council said. Lost tokens also presented a security risk and staff were unable to log on remotely until a replacement token had been received.
The new service-based SecurAccess system would deliver the same authentication to the mobile phones of 250 remote staff using a time-limited PIN code sent via a smartphone app.
“We were experiencing increasing problems around the management of hardware tokens as employees were misplacing them and issuing new ones not only incurred a cost for the tokens themselves but also involved extra administrative costs and time,” said Chorley Council’s head of customer ICT, Asim Khan.
“SecurEnvoy’s two factor solution means that the user can now take control and we confidently expect this to ease the burden on the technical staff,” he said.
The fact the technology was packaged as a service meant that migration had been a quick process, he added.
In SecurEnvoy’s view, hardware tokens are becoming obsolete for many remote access applications.
“The problem, however, is that when you have any form of hardware token it becomes yet another device to look after and to remember to carry around,” said co-founder, Steve Watts.
“Most people will protect their mobile devices more than they would a plastic token as it has a far higher monetary and personal value. We are more likely to leave hardware tokens at home, in a drawer and on the desk, but we carry mobiles everywhere, making them the perfect tool for authentication.”
SecurAccess is already in use by a number of UK councils, including Cambridge, Hertfordshire, Dundee, Lincoln, Peterborough, and Kensington and Chelsea.