Require a System-Generated PIN

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jan 24, 2020
Version 13Show Document
  • View in full screen mode

A user’s token policy determines whether his or her SecurID PIN must be system-generated. System-generated PINs are more secure because they are randomly selected by the server. This prevents a user from selecting a PIN that is easy to guess.

To require system-generated PINs, you must edit the token policy.

RSA RADIUS does not allow system-generated PINs by default. If the token policy requires system-generated PINS, you must edit the RADIUS configuration file securid.ini. For instructions on editing RADIUS configuration files, see Edit RADIUS Server Files.


  1. In the Security Console, click Authentication > Policies > Token Policies > Manage Existing.

  2. Use the search fields to find the token policy that you want to edit.

  3. From the search results, click the token policy that you want to edit.

  4. From the context menu, click Edit.

  5. Use the PIN Creation Method buttons to select Require system-generated PIN.

  6. Click Save.



Related Concepts

Token Policy



We want your feedback! Tell us what you think of this page.