London borough secures remote access with mobile passwords

London borough secures remote access with mobile passwords

Kensington and Chelsea council workers are logging on using passwords delivered by SMS

The Royal Borough of Kensington and Chelsea has given 3,000 council employees secure access to corporate systems by using their mobile phones to receive one-time passwords.

The software, supplied by SecurEnvoy, aims to prevent social engineering and key logging attacks.

Instead of using secure token devices to authenticate details, remote workers receive one-off passcodes on their mobile phones, which they use in addition to their usual login details. When the passcode has been used, a new one is sent to overwrite it.

The system improves security and alleviates the user of responsibility for tokens, said Russell Hookway, network and telecommunications manager for the council.

“In the past we had instances where staff misplaced the tokens or attached them to their laptops, which was not very secure and placed an unnecessary burden on the IT support team," he said.