Forsyth Barr SafeNet Authentication

Forsyth Barr is proud to be a New Zealand-owned firm with 19 offices throughout the country and over 250 investment professionals. The firm assists personal, institutional and corporate clients with their investment requirements.


Forsyth Barr is a foundation New Zealand Exchange firm (NZX) and an accredited market participant. Disclosure statements are available on request and free of charge.

Forsyth Barr understands that technology provides a strategic advantage to the business. Dealing with financial and market information means the organisation is expected to ensure client data is secure, and that sources of data are reliable. To this end, an audit exercise is regularly conducted to validate that IT security processes are robust.




Two years ago during such an audit review, Head of Information Technology at Forsyth Barr, Bruce Milne, determined that the current system at the time could be improved by the use of "Two Factor Authentication" (2FA). 2FA is built on the premise that you need to have in your possession something you know (a password) as well as something you have (a SafeWord token) to connect to a system.



Forsyth Barr selected SafeNet's SafeWord authentication solution as it offered flexibility in terms of mobile phone and physical token support. After the initial implementation of

SafeWord and physical tokens, Forsyth Barr trialled the use of the MobilePass application on smartphone devices. The MobilePass option from SafeNet turns a phone into a 2FA device and supports the three smartphone types in use at Forsyth Barr - iPhone, Android and Blackberry. The same solution also allowed for the deployment of SafeNet's physical

tokens in cases where a staff member was not typically using a smart phone.


With staff travelling or working out of normal business hours to assist overseas-based clients, there is an on-going requirement for remote access to systems and information. Over 160 people at Forsyth Barr are enrolled in the 2FA program, which sees the IT team provide graded access to systems and applications based on each staff member's role. Typically, staff are provided with connectivity to Outlook Web Access or different levels of access to desktop applications.


Over time Bruce expects to eliminate the need for physical tokens as the majority of staff adopt smartphone technology. The MobilePass option has eliminated any logistical or set-up considerations as the user can easily download the security applet to their phone, which is always in their possession. Occasionally staff have been known to leave their physical token behind in the office, meaning they have to call the Helpdesk to get access to the company systems whilst travelling.


"The Safeword MobilePass solution from SafeNet represents excellent value for money when you consider no physical tokens are required, given most of our people are now transitioning to smartphones. Knowing that access to the system is not possible without something you know and something you have has meant that the organisation is more comfortable to provide controlled remote access where warranted to staff members."



Setting up staff with MobilePass is a very straightforward exercise. The SafeNet 2FA applet can be downloaded to a mobile device from an appstore. The System Administrator then sends out a passphrase and enrolment URL to the user with a mobile device. The user clicks on the URL, enters the passphrase and completes the set-up with the back-end authentication service. To access the applet on the phone the user is required to enter a pin code. Once entered the authentication service immediately delivers a one-time passcode to the phone so the user can then proceed to login to a system.