John Lewis secures 15,000 staff with mobile phone two factor network security

Retailer John Lewis has secured 15,000 staff with the SecurAccess remote authentication system, which uses mobile phones.

The system from SecurEnvoy offers two-factor authentication that transforms mobile phones into virtual network tokens.

Instead of using tokens or smart cards, the SecurAccess system sends a passcode to users' mobile phones.

When users wish to log on to the corporate system, they enter their Microsoft User ID and password, and then the passcode that has been pre-enabled on their mobile phone.

Once the passcode has been used, it is superseded with a new one sent to the phone.

This pre-loading function eliminates the need to install any software on to the mobile device, and provides users with access to their passcode as soon as they need it, rather than having to wait for an SMS message to be delivered.

John Lewis expects to make considerable savings by swapping from token-based two-factor authentication to SecurAccess.

The user licence is cheaper than purchasing, replacing and distributing tokens, and deployment costs are lower with no need for training courses.

Matthew Clements, principal programmer for John Lewis, said, "We have been using traditional token based two factor authentication for remote access systems since the late 1990s.

"However, after reviewing the capital, revenue and administration costs associated with the existing system, we decided to look for a cheaper alternative, and found SecurEnvoy's tokenless approach to be far superior, and a cost effective solution."