Configure Handling of Incorrect Passcodes

Occasionally, a user mistakenly enters a series of incorrect passcodes before entering the correct passcode. You can configure how Authentication Manager handles these situations.

You can allow users to enter an unlimited number of incorrect passcodes, or limit the number of incorrect passcodes a user is allowed to enter. If you set a limit, when the limit is exceeded and followed by a correct passcode, users are prompted to enter the next tokencode that displays on their token.

This guards against situations in which an unauthorized person attempts to guess a passcode. In such a case, even if the person guessed a correct passcode, he or she is prompted for the next tokencode and given only one chance to enter it correctly. If the person enters the next tokencode incorrectly, the user account to which the token belongs is locked.

This behavior is controlled by the OTP authenticator policy assigned to individual security domains. To change this setting you must edit the policy.


  1. In the Security Console, click Authentication > Policies > Token Policies > Manage Existing.

  2. Use the search fields to find the policy that you want to edit.

  3. From the search results, click the policy that you want to edit.

  4. From the context menu, click Edit.

  5. Under Basics, for Incorrect Passcodes, specify how you want the deployment to respond when a user enters incorrect passcodes.

  6. Click Save.

Related Concepts

Token Policy