Soft token use on multiple devices
Can a user install a soft token on multiple devices?
For instance, I have a Windows laptop and a Blackberry 10.
Can I use the same soft token on both devices?
- Community Thread
- Forum Thread
- RSA SecurID
- RSA SecurID Access
- Token Auth
- Token Authentication
- Token Authenticator
- Token Authenticators
Distribute the token as a Generic AES sdtid file, and no device serial number.
Then you can install that token on any device that can handle .sdtid files, or you can
use software token converter to input the sdtid file and output a different format like CTF.
It will be extra critical that the clock on all devices running the token remains extremely accurate,
so the RSA server doesn't flip-flop the token offset in the database, tracking 'how far off the
last tokencode was from the RSA server clock'.
If you need FOB style (Generic AES onnly allows PINPad style where you enter the PIN into the Token App) you could try some other Device Types, e.g. an Android type might also import into a PC, or iPhone might import into Android and PC. But the trick is to only distribute this as .sdtid file - once. Then import this file into the devices shared by, I assume, the same user. So the user can look at his phone for Windows Agent logon PassCode, but look at his PC for VPN Passcode, stuff like that.
When you distribute a soft token a second or more time, each time it generates a new seed, and every TokenCode will be different. This is by design, Use Case being employee leaves company with his phone and your token, so you want securely use that software token with another user.