For existing users of RSA SecurID Token 5.x, the following features are no longer supported in SecurID Authenticator 6.0.
The deprecated features and their descriptions are listed below.
Unsupported Operating Systems
Windows XP, Vista, and older versions of Windows 10
Auto-submission of OTPs into a web form (web plug-in)
RSA previously supported two web plug-ins based on ActiveX and NPAPI. Both technologies are deprecated by Microsoft and are no longer supported in modern web browsers.
Auto-submission of OTPs into a client application (STAuto API)
The STAuto API allows a requesting client application to automatically retrieve tokencodes on behalf of the user. While simplifying user authentication, it could also allow a rogue application to harvest tokencodes from the user’s machine. RSA does not recommend using STAuto and has formally removed it from this release.
Use of SecurID OTP as a shared “machine-level credential”
In certain retail applications, SecurID could be used to restrict application access to specific in-store kiosks only. In this scenario, the tokencode is used to authenticate the machine, not the user. In common practice, client-side certificates are now the preferred solution for machine authentication. RSA recommends that each user should have a unique SecurID token to ensure strong authentication of the user, not just of the machine.
Display of the OTP generated by a USB-connected SID800 hardware token
The end of sale for the SID800 was announced in January 2021.
Storage of SecurID OTP seeds on a third-party device (e.g., flash drive)
Launched in 2008 as the “Credentials Everywhere” initiative, this program once included integrations from leading USB device vendors like SanDisk and IronKey. After limited adoption, however, the program was discontinued in 2014.
Roaming support for SecurID credentials
In call center applications, users may regularly authenticate from multiple physical or virtual terminals (e.g., Citrix VDI). Roaming support once allowed a SecurID seed to be stored with the user’s AD profile and “follow” the user between machines. Because this solution negates the “something you have” factor (i.e., the PC), it effectively reduces SecurID to only “something you know” (i.e., the AD password used to unlock the tokencode).