SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
Respected Contributor Respected Contributor
Respected Contributor

PIN dictionary behavior - broken or FAD?

In the past, I have always observed that if I install a PIN dictionary in AM 8.x, and my PIN is listed in the dictionary and the dictionary is applied to my token policy, that I would be forced to change my PIN at the next login.  The system keeps my PIN until I change it, but won't let me log in until I change it to a compliant PIN.

This morning at a customer site, they were working on a test system running AM, and the user had a PIN that looked like 12345.  They installed the dictionary, and found that they could still log in, without being prompted to change their PIN.  The dictionary is definitely working; new users cannot use dictionary PINs, and it will not let you change your PIN to another dictionary PIN.

As I said, I've always seen the system force anyone with a dictionary PIN to change it on the next login.  Was it broken then, or is it broken now?

0 Replies