SMS is proving to be a very popular facilitator for two-factor authentication and SecurEnvoy is something of an expert in this area. Its SecurAccess software has always focused on SMS delivery of pass- codes and this latest version delivers a number of new and unique features.

The software can use any GSM mobile to deliver pass-codes via SMS, thus avoiding the additional costs of hardware tokens. It now supports any LDAP server along with Active Directory and Novell's eDirectory. Integration with many other servers, such as Microsoft's ADAM and Sun's Directory Server is now possible, and authentication information is stored within the LDAP servers, which removes the need for an internal database.

SecurAccess 5.3 has a keen eye on service providers as it supports multiple LDAP servers. This allows a variety of authentication services to be offered to customers, with all being run from a single instance of SecurAccess. New tools are provided to aid controlled migrations away from hardware tokens; SecurAccess forwards requests from these users onto the legacy token server, until such time as they are revoked, or the token has expired.

The unique preloading feature tackles SMS network queue delays by sending users their first pass-code as soon as registration is complete. Once the user authenticates, the next token is sent ready for use, with each SMS overwriting the last, to keep the inbox tidy. Users that authenticate infrequently can use the new on-demand service. When they log in to the portal, SecurAccess sends them a flash SMS with a one-time pass-code, and once the message has been read, it is automatically removed from their mobile.

ICE (In Case of Emergency) sets standards that have since been emulated by the competition, as this facilitates access to services during a disaster. With this enabled, users and groups with ICE privileges are sent pass-codes that allow them to securely access business resources running from a contingency site.

We found installation of the SecureAccess server to be very swift, and we provided details of our Windows Server 2003 R2 domain controller, an administrative account, and address of an LDAP server. You can add details of multiple LDAP servers during this phase, and SecurEnvoy says there are no limits to the number that it can support.

The User Deployment Wizard makes light work of installations involving many thousands of users. This four step process leads you through selecting a default pass- code type, deciding on ICE membership, and selecting a domain. It displays all users not yet declared to SecurAccess and you can search this list for those with mobile numbers or email addresses in their profile; either messaging method can be selected for initial deployment. A one-time pass-code is sent out to each user for enrolment and SecurEnvoy advised us that it has seen deployment rates in excess of 300 users per minute.

Users that don't have a mobile number listed in their profile can be asked to provide these details themselves. SecurAccess can email one time pass-codes to these users and once they are authenticated at the web login portal, they must enter their mobile number which is then added to their user profile.

Day-codes avoid having to hand out new codes each time a user authenticates, and will be handy for the Blackberry brigade that may need to sync their email throughout the day. Multiple one-time pass-codes in SMS texts can also be useful for users that can't receive a mobile signal, but still need to access the company network.

This latest version of SecurAccess sees the introduction of a number of valuable new features and integration with any LDAP server reduces cost overheads considerably. The deployment wizards can also easily handle large scale deployments, making SecurAccess a very slick two-factor authentication solution. CS

Product: SecurAccess 5.3
Supplier: SecurEnvoy
Telephone: 0845 260 0010
Web site: www.securenvoy.com
Price: From 10 users, £350 per year
excluding VAT