000027352 - Changing token policies to require 6-character or 8 character PINs

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000027352
Applies ToAuthentication Manager 7.1 (all)
IssueChanging token policies to require 6-character or 8 character PINs
PIN length requirement
Change PIN Policy
Change token policy
CauseIn Authentication Manager 7.1, policies are assigned and act at a Security Domain level. A change to a policy affects all users in the Security Domains to which that policy is assigned. If the PIN length requirement is changed from 4 to a higher value, such as 6 or 8 characters (as outlined in the Best Practices Guide), all users in the Security Domains to which that policy is assigned will be put in New PIN mode (their current PIN is not removed). On their next authentication attempt the user will use their current PIN and tokencode (or tokencode only if a PIN was not previously required). If this authentication is successful, then the user will be prompted to change their PIN. The new PIN must meet the new policy to be accepted.
Resolution

To alter a token policy, find the policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain, and a change to the policy will affect all of those Security Domains.


Open a Security Console and go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.


To alter the token policy, go to Authentication->Policies->Token Policies->Manage Existing. Edit the policy to which you want to make a change. Under SecurID PIN Format, Change the Minimum Length to 8 and the Maximum Length to 8. You can also change the policy to require alphanumeric PINs. At the bottom of the page click Save. The policy change is immediate.

NotesPlease note that all token types, with the exception of Soft Tokens, support alphanumeric pins.
 
Legacy Article IDa54312

Attachments

    Outcomes