This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Invalid tokencode failures and expired QR code alerts in RSA SecurID Authenticate app

Article Number

000038057

Applies To

RSA Product Set: SecurID Access
RSA Product/Service Type: Cloud
RSA Version/Condition: Not Applicable

Issue

An end user is encountering one or both of the following problems with the RSA SecurID Authenticate app:

  • Step-up authentications using the RSA SecurID Authenticate app tokencode are failing and the User Event Monitor displays the following error for the attempts

Authenticate Tokencode authentication failed - Invalid tokencode 

The above error occurs even when the user is very sure they are entering the correct code displayed on their device.

  • RSA SecurID Authenticate app device registration using a QR code fails.  The app displays the following alert: 

Expired QR Code. Message: Generate a new QR Code. Then scan the new code in the app . 

The user is able to complete registration with a password or registration code however.

Cause

The date and/or time and/or geographical region setting in the end user's device is incorrect.

Resolution

Both QR codes and tokencodes use time-based algorithms, so they both require the end user's device to be set accurately to the current date and time, according to the geographical region set in their device.  Time accuracy must be within a few minutes.

For example, if the end user's device region is currently set to India (GMT+5:30), then the date and time in the device must be set to the current date and time in India.   Clock drifts of a few minutes or more, or failure to adjust to daylight savings time changes, can cause the errors described in this article to occur.  If the date and time appears to be correct, check to make sure the geographical region configured in the device is correct too.

We recommend setting mobile device times using the Auto feature in the device, if available, so that device times are automatically set accurately by the mobile network.  Check with your mobile network provider to confirm if automatic clock setting is available.  For devices that do not use a mobile network, RSA recommends configuring a reliable NTP server to automatically synchronize your computer's time.

Workaround

If date and time cannot be automatically managed by network time synchronization, then manual date/time adjustments may be required occasionally to maintain clock accuracy in the device.

Notes

  • For additional troubleshooting tips, see Troubleshooting Cloud Authentication Service User Issues .
  • For instructions to set the date, time and geographical region, or to set the Auto option for time of day in your device, please refer to the vendor documentation of your device.
Tags (79)
Was this article helpful? Yes No
100% helpful (1/1)

In this article

Version history
Last update:
‎2020-12-12 01:30 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.