on Jun 14, 2016Article Content
| Article Number | 000027352 |
| Applies To | Authentication Manager 7.1 (all) |
| Issue | Changing token policies to require 6-character or 8 character PINs PIN length requirement Change PIN Policy Change token policy |
| Cause | In Authentication Manager 7.1, policies are assigned and act at a Security Domain level. A change to a policy affects all users in the Security Domains to which that policy is assigned. If the PIN length requirement is changed from 4 to a higher value, such as 6 or 8 characters (as outlined in the Best Practices Guide), all users in the Security Domains to which that policy is assigned will be put in New PIN mode (their current PIN is not removed). On their next authentication attempt the user will use their current PIN and tokencode (or tokencode only if a PIN was not previously required). If this authentication is successful, then the user will be prompted to change their PIN. The new PIN must meet the new policy to be accepted. |
| Resolution | To alter a token policy, find the policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain, and a change to the policy will affect all of those Security Domains. Open a Security Console and go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies. To alter the token policy, go to Authentication->Policies->Token Policies->Manage Existing. Edit the policy to which you want to make a change. Under SecurID PIN Format, Change the Minimum Length to 8 and the Maximum Length to 8. You can also change the policy to require alphanumeric PINs. At the bottom of the page click Save. The policy change is immediate. |
| Notes | Please note that all token types, with the exception of Soft Tokens, support alphanumeric pins. |
| Legacy Article ID | a54312 |