SecurEnvoy SecurAccess 4.1
Simple SMS text-based passcodes, slick LDAP integration, fast deployment possible for large user base, excellent value for money
Very sloppy online help
SecurEnvoy's cost-effective and easily managed two-factor authentication solution makes complex passwords a thing of the past
Passwords will always be the weakest link in any IT security strategy. Two-factor authentication can add security and help reduce password complexity.
SecurEnvoy has been in this game a long time, and its SecurAccess software aims to provide a cost-effective solution designed to be easy to deploy and manage. It has a number of key differentiators: it can use any GSM mobile, allowing passcodes to be issued via simple SMS texts. It can also issue passcodes using email messages, but SMS has always been its primary mode of communication.
Unlike many other solutions that use proprietary services and databases that may require additional hardware platforms, SecurAccess integrates only with LDAP and can support both Microsoft's Active Directory and Novell's eDirectory.
Installation is a very swift affair, and we had SecurAccess running on a Windows Server 2003 R2 system in a few minutes. The setup takes you through selecting AD or eDirectory, entering the fully qualified domain name of a nominated admin account and providing the product's security server with the IP address of at least one directory server. For the latter we handed it the address of our Server 2003 domain controller.
You have a couple of options for sending SMS texts. SecurAccess supports GSM modems and the details about the serial port and baud rates can be entered during installation. We opted for the more prevalent web SMS gateway service. For trial purposes, the vendor provides an SMS gateway service and 1,000 free messages.
The preloading feature keeps SecurAccess one step ahead of the competition by sending users their first passcode as soon as they have been registered. This means they're ready to go as soon as they want to log in, and the moment they've authenticated they will be sent the next one, ready for use.
The administrative interface is somewhat rudimentary, but it does provide easy access to all the features. However, SecurEnvoy should tidy up its online help as its spelling mistakes and grammatical errors make it look very amateurish. Fortunately, we didn't need to resort to the help file very often, and our first task was to decide whether the Windows password for each user should be their PIN or whether this should be managed by SecurAccess, which can handle four- to eight-character PINs.
Rather than dish out new codes every time a user logs on, you can use day codes instead. These are issued at a set time each day and will remain valid for a specific time period. Other options include the ability to send out multiple one-time passcodes via SMS. This will no doubt be useful when your mobile cannot get a signal but you still need to access the company network. The rather unique ICE (in case of emergency) feature comes into action where access to premises may be denied in a disaster. Simply check one tick box to activate ICE and all users and groups with this privilege will be sent passcodes, allowing them to securely access business resources from another remote location - assuming, of course, you have a business continuity plan.
During testing, SecurAccess worked flawlessly and we found it extremely easy to deploy, thanks to the bundled utility that guides you through a simple four-step process. Decide on a default passcode type, select a domain, add any required filters and leave it to search for undeclared users. Next, you can search the results for those with mobile numbers or email addresses in their user profile and deploy SecurAccess directly via one of these two messaging methods.
Naturally, for SMS texts to be sent out, each AD or eDirectory user profile must have the user's mobile number listed. Usefully, you can get users to provide this information themselves, as SecurAccess can email their first PIN to them, request their mobile number when they log on and add it to their profile.
SecurAccess is a slick two-factor authentication solution that we found very easy to manage. LDAP integration makes it a cinch to deploy and it'll also slot neatly in with any remote access server that uses RADIUS authentication.