1) Please remove the "view SecurID token demo" link or give the administrator the option of editing it from the Profile page. Our users should not be contacting vendors, which is the problem that delivering them directly to your website has the potential of creating.
2) I have a very minimalist approach to the enabled features, with only the Display Log on section and Display My Profile information boxes checked - nothing checked that would suggest to users that they can request a replacement token. If the View Details link is clicked on the Profile page, a link appears at the bottom of the page, suggesting to users that they can request a replacement token. They can't, though, because the "enable provisioning features" box is not selected. This removed the link from the Profile page, only to allow it to remain elsewhere. Poor design of this service can easily give users of the service the impression that the site is broken when it isn't.
3) I liked the idea of security questions and was hoping they could be used to unlock accounts, but apparently, they're not. Our RSA deployment features a read-only relationship with Active Directory, so user passwords can't be changed through RSA and there's no interest in changing that. In the meantime, users with locked accounts can neither learn that their account is locked nor unlock the account if it is. Not helpful. So, I removed the "forgot password" from the login page, but am still prompted to create my security questions at the Profile page. Why? Why can I not edit this link from the page?!
4) The "Test Your Token" link could use some attention. It works great with the fobs, telling users exactly what is required for testing the passcode, but says nothing for users with soft tokens, leaving them to guess, producing the Next Code error (which they won't see) or, potentially, locking the account. What exactly does this test? How can it be helpful if it offers no explanation of what is expected?
I originally submitted a trouble ticket to have these issues addressed, but all that came of it was a link to this suggestion page. So very disappointed by what I've seen in this service.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.