Employees of City of Copenhagen log on securely with Virtual DIGIPASS
The local government in the municipality of the Danish capital Copenhagen takes the security of its citizens’ seriously. For years, they have been investing in strong authentication to protect the login procedure to the internal network and Outlook Webmail. Static passwords are banned and replaced by DIGIPASS one-time passwords sent as text message (SMS) to the employees’ mobile phones. Today, more than 6,600 users log on with SMS using the very user convenient Virtual DIGIPASS from Vasco.
The regulations of City of Copenhagen demanded that Outlook Web Access and remote access to the network and applications should be secured with strong authentication.
An uncomplicated scalability was one of the main requirements. Furthermore, City of Copenhagen preferred an SMS solution via mobile phone, as employees tend to forget an extra authentication device.
VASCO and City of Copenhagen have shared a long history together. They started with DIGIPASS GO 3 in combination with VASCO’s IDENTIKEY Authentication Server but then switched to Virtual DIGIPASS: an application that sends its one-time passwords per SMS to one’s mobile phone.
Key Project Principles
Security regulations promulgated by the City of Copenhagen demanded that Outlook Web Access (OWA) had to be secured with strong authentication where requests for both secure remote access were verified by the same server. In addition, VASCO was retained by the city to add two-factor authentication to its large Citrix environment. This resulted in the installation of a second server, hosted by the city, which ultimately determined that a merging of these two environments into one would make sense. IDENTIKEY Authentication Server’s central administration features enabled duplicate users to be cleared and naming customs tuned to one another.
The City of Copenhagen implemented VASCO’s DIGIPASS GO 3 to add strong authentication to SMS. This one-button device generates a one-time password by a simple press on the button. Instead of logging on to their Outlook Web mailbox or to the internal network with an unsafe static password, the employees of City of Copenhagen now use two-factor authentication. When the City of Copenhagen’s employees open their login screen, they insert their username and their personal static password. After entering these credentials, IDENTIKEY Authentication Server is triggered to send an SMS with an OTP to the end user’s mobile phone. Only when the OTP is inserted, access to the applications is granted.
“The scalability of this solution was a major asset. In the last couple of years, the number of users has grown and this was easily adapted with Virtual DIGIPASS," said Andreas Hare, Head of Division IT-infrastructure at City of Copenhagen. Every user’s mobile phone with Virtual DIGIPASS is imported into IDENTIKEY’s database and is assigned to the user. In the back-end, IDENTIKEY Authentication Server checks whether the person who sends the request is the right one to log on. The OTP is only valid for a limited period of time. After 32 seconds it becomes invalid, which makes it impossible to intercept and reuse the password.
Related Client Stories
Municipality of Arnhem deploys DIGIPASS GO 6 and DIGIPASS Plug-in for Novell to guarantee secure remote access for its employees
The local government in the city of Arnhem fulfills the role of service provider to its citizens, coordinating administrative duties and developing policies in environmental, education and infrastructure domains. To enable employees to work securely from home or while on the road, Arnhem deployed two-factor authentication using VASCO’s DIGIPASS GO 6 and DIGIPASS Plug-in for Novell to guarantee secure, remote access for its employees to its network.
Combination of PKI encryption and dynamic passwords secure Dorset County Council’s network and confidential information
Dorset County Council is an elected administrative governmental authority. To secure access to its internal network and confidential data, the council required a secure remote access and PKI solution that met mandatory requirements as indicated by the UK Cabinet Office. Dorset County Council implemented DIGIPASS GO 3 and DIGIPASS 860 with PKI functionality to protect its business critical data and network infrastructure from unauthorized access.