Is there a way to disable the Authentication Manager's rejection of passcode re-use? I understand the reasoning: someone has 60 seconds to use your sniffed passcode to gain access elsewhere. But on devices that require the token and a second authentication to get to the admin/enable console, it is an annoyance to have to sit there and wait for the next code to present itself. Are there alternatives? (We use AM behind a Cisco ACS server, if that matters.)
Hello,
No, it is not possible to reuse a tokencode that has already been seen by the system, in any way.
Fixed passcodes can be reused but of course are not secure, and only good for testing, never good for actual day-to-day use. A list of emergency fixed passcodes can be hammered in back-to-back, but that also means an admin is flagging the token as lost, generating a list, and giving it to the end user. That is also much more pain for the admin and user.
The best thing possible is, if these are software tokens, and if the target device type can do 30-second tokens, then generate and distribute 30-second interval software tokens to the end user.
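
The replay rejection and the effect of a shorter interval, as an added example that is not part of the thread and is not RSA's code. It uses RFC 6238 TOTP as a stand-in for the proprietary tokencode algorithm; `ReplaySafeVerifier`, `second_login_wait` and the seed value are hypothetical names and constructed data.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, now: float, interval: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), a stand-in for a vendor tokencode."""
    counter = int(now) // interval
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ReplaySafeVerifier:
    """Accepts each time step at most once for a token (hypothetical class)."""

    def __init__(self, secret: bytes, interval: int):
        self.secret = secret
        self.interval = interval
        self.last_step = -1  # highest time step already consumed

    def verify(self, code: str, now: float) -> str:
        step = int(now) // self.interval
        if not hmac.compare_digest(code, totp(self.secret, now, self.interval)):
            return "reject: wrong code"
        if step <= self.last_step:
            return "reject: code already used"
        self.last_step = step
        return "accept"

    def wait_for_next_code(self, now: float) -> int:
        """Seconds until the next interval starts and a fresh code appears."""
        return self.interval - int(now) % self.interval


def second_login_wait(interval: int, first_login_at: int):
    """Device login, then the enable prompt 5 s later with the same code."""
    secret = b"constructed-demo-seed"  # constructed sample value
    verifier = ReplaySafeVerifier(secret, interval)
    code = totp(secret, first_login_at, interval)
    first = verifier.verify(code, first_login_at)
    replay = verifier.verify(code, first_login_at + 5)
    return first, replay, verifier.wait_for_next_code(first_login_at + 5)
```
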