SecurEnvoy SecurAccess 4.1

Two-factor authentication has been a key component of IT security strategies for many years but the methods available to implement it vary considerably in cost and complexity. SecurEnvoy’s SecurAccess aims to be the way forward as this solution is designed to be cost-effective and particularly easy to deploy.

A key feature is support for any GSM mobile allowing it to use SMS texts to issue pass-codes. Email is also supported but SMS is the primary method of communication and SecurEnvoy is something of a pioneer in this field as it implemented support well before the majority of the competition. By using GSM mobiles SecurAccess reduces costs as your users won’t need additional tokens. Furthermore, SecurAccess only integrates with LDAP and supports both Microsoft’s Active Directory and Novell’s eDirectory. The majority of competing vendors use their own proprietary database which will require additional hardware.

We found installation is, indeed, very easy and we had SecurAccess up and running in a matter of minutes. During this process you choose AD or eDirectory, provide details of your domain plus the FQDN of an administrative account and enter the location of your directory server. Using our Windows Server 2003 R2 domain controller we had this phase out of the way in seconds. SecurAccess supports GSM modems and information about the serial port and baud rate can be entered next or you can move on to providing details of your web SMS gateway account and SecurAccess supports all the key player such as T-Mobile and HSL. Usefully, SecurEnvoy also offers a trial SMS gateway which includes 1,000 free SMS messages. To send SMS texts to GSM mobiles, each AD or eDirectory user profile must have their mobile number. It’s not a problem if these details aren’t included as SecurAccess can be set to email PINs to users and after they have been authenticated they can enter their mobile number which will be automatically added to their user profile.

The main SecurAccess administrative interface is a tidy affair that we found very easy to use. You can decide whether users should have their Windows password as their PIN or if SecurAccess should manage these. Day codes allow users to receive one pass-code that will valid for a specific period. Blackberry users will approve as it means they can use the same code when synching their email during the day. You can also send users multiple one-time pass-codes in a single SMS text. This could prove handy when users are in areas of poor reception and will also reduce overheads on the SecurAccess server. ICE (In Case of Emergency) is unique to SecurAccess and can be used in disaster recovery scenarios where access to the premises is denied. Activating ICE will cause pass-codes to be sent to specific users and groups in an emergency and allow them to work from another location and securely access resources in your business continuity centre. Preloading is a valuable feature as once a user has been declared to SecurAccess they are sent their first pass-code ready for use. When they authenticate the system then sends them their next pass-code. A smart feature that avoids confusion for users faced with old SMS messages is that each SecurAccess message automatically overwrites the previous one so the user only ever has to deal with one message from the system.

During testing we found the SecurAccess solution easy to use and clearly capable of delivering a strong user authentication system. Seamless integration with LDAP means it requires minimal resources and the ease of deployment makes it’s particularly well suited to businesses with a large remote workforce.