John Lewis today announced a deal to implement remote secure authentication procedures using employees' mobile phones.
The High Street retailer will use new security software integrated to its Microsoft Active Directory authorisation system to enable its 15,000 UK staff to use their mobile phones as part of two-factor authentication steps to access corporate IT systems.
The system for remote authentication using mobile phones, from provider, SecurEnvoy, will replace John Lewis' existing separate token-based, two-factor system. And the transition is aimed at reducing deployment costs with cheaper user licences compared to purchasing, replacing and distributing tokens, as well as removing the need for extensive re-training.
Matthew Clements, principal programmer for the John Lewis Partnership, said the company had been using traditional, token-based authentication with its remote access systems since the late 1990s.
"However, after reviewing the capital, revenue and administration costs associated with the existing system we decided to look for a cheaper alternative and found SecurEnvoy's token less approach to be a far superior and cost-effective solution," he said.
Instead of using tokens or smartcards, the SecurAccess system sends a pass code to users' mobile phones. When users want to log on to the corporate system, they enter their Microsoft User ID and password and then a pass code that has been pre-enabled on their mobile phone. Once the pass code has been used, it is superseded with a new one sent to the phone.
