000017368 - What is a reserve password?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017368
Applies ToRSA Authentication Agent 6.1.3, RSA Authentication Agent 7.0.2
 
IssueWhat is a reserve password?
Resolution

The reserve password feature is an emergency access method that enables you, the administrator, to authenticate to a user?s protected computer as that user without entering an RSA SecurID passcode.


If the reserve password feature is enabled, and the Windows system is unable to communicate with the RSA Authentication Manager at the time of authentication, instead of displaying a message that the Authentication Manager is unreachable, the system prompts you to enter a reserve password instead of a passcode.


The reserve password is encrypted and stored in the registry. However, you set and clear it only through the RSA Security Center. The reserve password is case sensitive and must include at least one letter and one number.


 If you select All Users as the challenge option, and the network connection fails, no one, including an administrator, can access the desktop on the protected computer. For this reason, RSA strongly recommends either setting a reserve password, or using another emergency access method for administrators.


Testing the Reserve Password


If, on the Challenge Settings page, Enable reserve password is selected, and the Password field contains dots, a reserve password has been set for this computer.


The steps for testing the reserve password vary depending on whether offline authentication is enabled or disabled.


Do you want to test the reserve password when:


 Offline authentication is enabled?


Offline authentication is disabled?


To test the reserve password when offline authentication is enabled:


1.       Authenticate to the network as a user who has not received offline data on this computer.  (i.e. . if  you  use to log on normally with your AD credentials and every time the authentication was working fine, then start using an account such as LocalAdmin or Administrator which was not used earlier to log on to this machine  for RSA authentication provided you should know the windows password of this account)


2.       Disconnect the computer from the network.


3.       Attempt to log on to the local desktop.


If the reserve password is working, you are prompted for a reserve password followed by the windows password.


 


To test the reserve password when offline authentication is disabled:


1.       Disconnect from the network.


2.       Attempt to log on to the local desktop.


 


If the reserve password is working, you are prompted for a reserve password.


 


Note: Reserve Password must be 6 to 12 characters and contain at least one letter and one digit.

NotesNote: in newer version of the RSA Authentication Agent for Windows, the Reserve Password is set through Group Policy
 
Legacy Article IDa54570

Attachments

    Outcomes