Security

UK University Staff Seeks Security with Tokenless 2-Factor Authentication

• By Dian Schaffhauser
• 08/04/15

A UK-based university has gone public with its use of a "tokenless" two-factor authentication system among devices used by all staff members to strengthen security for users accessing network resources remotely. Manchester Metropolitan University deployed SecurAccess from SecurEnvoy.

The institution, which has about 37,000 students and nearly 4,000 staff members, previously limited access to IT applications with sensitive data to users physically on campus. As requests for remote access to the virtual private network grew, the IT security organization sought an alternative approach that would provide stronger security beyond the standard username and password set-up.

Manchester's IT decided to test out multi-factor authentication, a scheme that requires the standard login as well as the use of a passcode generated on the fly. The university took a tokenless approach, which makes use of the user's mobile device. A passcode is sent via SMS or email or generated using an app.

After a small pilot, Manchester acquired 500 licenses and followed that with an additional 3,500 last November. Deployment was simplified by integration with Microsoft's Active Directory directory service.

"We place great value on the implementation of IT security measures," said Mike Preece, IT services solutions architect, in a prepared statement. "We have to ensure that our systems and data are protected while making sure access to the systems is as simple as possible for staff working remotely. The soft token technology from SecurEnvoy fits perfectly with this approach."