John Lewis will replace decade old two-factor authentication systems with a new remote secure authentication system that uses employees' mobile phones.

The high street retailer is deploying two-factor authentication software that turns its employees' mobile phones into virtual security tokens. Around 15,000 workers will be able to use their mobile phones as part of two-factor authentication steps to gain secure access to corporate IT systems.

Under a new deal, John Lewis Partnership will use security software called SecurAccess, from SecurEnvoy, integrated to its Microsoft Active Directory authorisation system. The remote authentication system will replace the existing John Lewis token-based, two-factor system. Matthew Clements, principal programmer for the John Lewis Partnership said John John Lewis had been using traditional token based two factor authentication with its remote access systems since the late 1990's.

The swap is expected to "make considerable savings" for the retailer, reducing deployment costs with cheaper user licences compared to purchasing, replacing and distributing tokens, as well as removing the need for extensive training.

"However, after reviewing the capital, revenue and administration costs associated with the existing system we decided to look for a cheaper alternative and found the SecurEnvoy tokenless approach to be a far superior and cost effective solution," said Clements. The retailer declined to reveal the value of the deal, or provide more details on the cost savings.

Instead of using tokens or passwords, the SecurEnvoy system sends a passcode to users' mobile phones. To log on, employees enter their Microsoft User ID and password, and then the passcode that has been pre-enabled on their mobile phone.

SecurAccess said this pre-loading function eliminates the need to install any software on to the mobile device. Furthermore, it provides users with access to their pass code as soon as they needed it rather than having to wait for an SMS to be delivered, as is the case in some other two-factor mobile authentication systems.