Hewden, the UK equipment rental provider, has chosen SecurAccess from SecurEnvoy to protect its corporate systems when its team of rental professionals need to access applications and data remotely.

SecurAccess is a two-factor authentication solution that uses mobile phones as a virtual token. It removes hardware and deployment management problems, and prevents social engineering and keylogging attacks.

Hewden had originally considered the use of hardware tokens to add a second authentication factor to its remote workforce, but opted for virtual tokens as the most appropriate and effective solution.

Instead of using tokens, which eventually have to be replaced, the virtual option means that a one-time passcode is sent to a remote worker's individual mobile phone. The system is designed so that when a users wishes to log in to the corporate system, they simply enter their standard user name and Microsoft password, plus the passcode from their mobile phone. Once the passcode has been used, a new one is sent and the previous passcode is overwritten, so the user will only ever see one passcode on their phone.

Hewden said it has saved between 50 and 60% of the cost of using hardware tokens and that deployment costs are lower too because the company does not need to post out tokens or send its employees on a training course.

Tom Mann, Hewden's infrastructure manager said: "SecurAccess provides a brilliantly simple solution to a perennial IT problem. Hardware tokens are expensive, not user friendly and all too easy to lose and break. Mobile phones provide a much more robust solution and are very straightforward to use. Our remote workers don't have to remember extra passwords or codes and so there has been a very high level of user acceptance."