|Applies To||Best Practices FAQ|
Authentication Manager 6.1.x
Download RSA Authentication Manager 6.1 Security Best Practices Guide here
Warning: This procedure sets users that no longer meet the PIN policy setting, into new pin mode. Example: All users have a 4 character pin. Setting the policy to 5,6,7,8 will put every user in new pin mode.
This can adversely affect replication in a large user database.
|Issue||PIN Management How To.|
Best Practices Technical FAQ
How to change minimum PIN length
Best Practices Guide for ACE/Server 5.2 and Authentication Manager 6.1.x Page 13 PIN management
Note: If you do not see the above message, it is likely that after changing from a shorter PIN to a longer PIN requirement, users are not being challenged to create a new PIN. See details in a54276 Force all tokens to be in New PIN mode 5.2 and 6.1x on SecurCareOnline here
|Notes||Minimum PIN length Change FAQ |
Q: Will Users be required to Login with their current PIN?
A: Yes, new PIN mode can be enforced and require authentication with Existing PIN.
Q: Can I enforce that Users do not use a previous PIN?
Q: Can I enforce a certain type of PIN complexity?
Q: Can I require alphanumeric when the user changes PIN as part of this process?
A: Yes, system generated PINs must be required, and alphanumerica allowed. This will cause system generated PINs to be alphanumeric.
Scenario: Never used system generated PINs before and now requiring system generated PINs.
Q: How is a user PIN affected by increasing the minimum PIN requirement AND requiring system generated PINs.
A: Users with PINs already equal to minimum are unaffected. (unless the force PIN script is used)
A: Users with PINs not equal to minimum will be prompted for new PIN and provided with a system generated PIN
A: If the script above is used ALL users with be in new PIN mode regardless.
|Legacy Article ID||a54294|