000015958 - Users failing authentication with 'Bad PIN but good tokencode'

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015958
Applies ToSecurID Appliance 3.0
Authentication Manager 7.1
IssueUsers failing authentication with "Bad PIN but good tokencode"
CauseThis message assumes that an unauthorized person has the token and is guessing PINs.  It is possible that the user forgot their PIN or may be using a correct PIN for a different token. 
Resolution
The following steps will help correct this issue:

  • Check that the user is using same token that is assigned to them.  Match the serial number on the back of the token to the assigned token you see in the Security Console.
  • Clear the PIN for this token (Identity > Users > Manage Existing > search for the user > click on the context arrow next to the user name > SecurID Tokens > click on the context arrow next to the token > Clear SecurID PIN). 
  • Have the user create a new PIN, making sure the user knows what makes a valid PIN in their environment.
  • With the real time activity monitor running, have the user attempt to authenticate again assigning themselves a new PIN
Legacy Article IDa52801

Attachments

    Outcomes