We are using hardware token (model SID700) and I would like to know whether I can change the token code refresh rate from 60 seconds to 30 seconds.
Hi, the refresh rate is hard coded into the token. There are 30 second tokens available through Sales.
From a practical point of view, and from the experience of our customers, 30-second tokens make sense for Administrators who work on 100s network devices, routers, switches, etc... and they need to logon to several of these devices about the same time, so waiting 60 seconds for the next code slows these types of users down considerably.
The other typical explanation for wanting this is for 'increased security', the idea being that since 30 second token change more often than 60 second tokens, they are therefore more secure. But from a practical point of view, the customers that tried 30 second tokens for non-administrators, for regular users, were sadly disappointed, because 30 second tokens have 1/2 the acceptable token window for acceptable tokencodes, which after initial auth is Plus or Minus 1 token cycle. This means the acceptable tokencode is the right now code, the previous code or the next code, which with 60 second tokens is a 3 minute window, but with 30 second tokens is a 90 second window. The common result is regular users tend to see next TokenCode prompts significantly more often with 30 second tokencodes compared to 60 second tokencodes. This frustrates regular users, and increases Help Desk Calls.
Great feedback. Thank you.
I've contacted your sales rep to discuss purchasing 30-second tokens. She should be in touch.
Retrieving data ...