The Edit Token dialog box displays information from the token record for the specified token. To open the Edit Token dialog box, click Token > Edit Token.
The following paragraphs explain the fields in the Edit Token dialog box.
Serial Number. The serial number on the back of a hardware token or on the software token GUI.
Algorithm. SID tokens provide time-based authentication using the SID proprietary algorithm, while AES tokens provide time-based authentication using the Advanced Encryption Standard (AES) cryptographic algorithm.
Assigned to. If the token is assigned, this field displays the name of the person to whom the token is assigned. This name can be the user’s name or login.
Next tokencode mode. If this value is turned on, the next time this token’s PIN and code are used in an authentication attempt, the user is prompted to provide the next code displayed by the token before being given access to the system.
Replacement serial number. This field appears only if the token selected for editing has been assigned a replacement token. The field displays the serial number and type of the token that has been assigned as a replacement.
6: Registering Users for Authentication 119
Lost Status. Whether or not the token is lost. Only tokens with Lost status can be assigned temporary passwords. If the token is lost, the following temporary password information appears:
• The type of password (Fixed or One-Time password set).
• The expiration date and time.
For fixed passwords, “AUTO” indicates that the status of the token changes to Not Lost when the fixed password expires. The RSA Authentication Manager performs this change if you select “When lost status expires, mark token as Not Lost” in the Lost Token dialog box.
Software Token. If the token is an issued software token, the following information appears:
• The password assigned to protect the token file.
• The copy protection status of the token.
• The number of times the token has been issued.
• Whether the token is currently issued.
Last login date. The date and time of the last successful authentication or resynchronization with this token is displayed in Coordinated Universal Time. If the token has never been assigned or is newly assigned, this field has no meaning and contains an initial date value of 1/1/1986.
Enabled status. If the Enabled checkbox is selected, the token is enabled. If a token is disabled, it cannot be used for authentication. This value is set by an administrator using the Enabled checkbox or by a series of unsuccessful authentication attempts, which disable the token. For more information, see “When a Token Is Stolen or Otherwise Missing” on page 126.
Token start and shutdown dates. The dates (in format mm/dd/yyyy) and times when the token started and when it will stop displaying codes. After the shutdown date, the token will no longer function.
Note: Because Token Reports reflect Coordinated Universal Time as opposed to local time, the token shutdown date and time may differ by several hours from the token shutdown date and time shown in the Edit Token dialog box.
New PIN mode. If the New PIN mode checkbox is selected, an administrator has set the token to New PIN mode. The user must complete the New PIN operation to gain access to a resource protected by RSA SecurID.
Token Assignment Date. The date on which the token was assigned to a user. If the token is unassigned, "NONE" appears in place of a date. If the assigned token was imported from an .asc file or from a .dmp file from a previous version of the RSA Authentication Manager, or was upgraded from a version earlier than 5.2, "UNDEFINED" appears in place of a date.
RSA Authentication Manager 6.1 Administrator’s Guide
User Authenticates With. Specifies whether the user authenticates with a passcode or with a tokencode only. For more information, see “Tokens that Do Not Require PINs” on page 107.
Token records also contain the following information that is never displayed:
• A synchronization offset value. See “Synchronization” on page 132.
• The unique key used to generate the token’s pseudorandom codes.
• The PIN for the token, known only to the assigned user.
• The number of consecutive failed authentication attempts with the token.
The system disables any token used in a specified number of consecutive failed authentication attempts.
A standard card or key fob is disabled before this number of failed attempts is reached if the attempts are made with an invalid PIN but with valid tokencodes.
The Authentication Manager assumes that an unauthorized user has obtained the token and is using it with guessed PINs. After the third consecutive attempt of this kind, the token is disabled.
This number is reset to zero when the user authenticates successfully with the token, when an administrator resynchronizes or unassigns the token, or when an administrator enables a token that was disabled following a series of failed authentication attempts.
Note: If more than one token is assigned to a user, a failed authentication attempt counts against all tokens assigned to that user. Therefore, a token that does not have any failed authentication attempts could be disabled or put in Next Tokencode mode.
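The counting rules above, modelled as an added example (not code from RSA Authentication Manager). The class and field names are hypothetical, MAX_FAILURES is an assumed value because the guide only says "a specified number", and the model assumes a failure of any other kind breaks the invalid-PIN streak. Next Tokencode mode is not modelled.

```python
from dataclasses import dataclass

MAX_FAILURES = 10   # assumed value; the guide only says "a specified number"
BAD_PIN_LIMIT = 3   # from the guide: third consecutive invalid-PIN/valid-tokencode attempt


@dataclass
class Token:
    serial: str
    enabled: bool = True
    failures: int = 0        # consecutive failed attempts (never displayed)
    bad_pin_streak: int = 0  # consecutive failures with a valid tokencode but invalid PIN


class User:
    def __init__(self, *serials):
        # Serial numbers passed in are constructed sample values.
        self.tokens = {s: Token(s) for s in serials}

    def attempt(self, serial, pin_ok, code_ok):
        """Record one authentication attempt; return True if access is granted."""
        used = self.tokens[serial]
        if not used.enabled:
            return False
        if pin_ok and code_ok:
            used.failures = used.bad_pin_streak = 0  # success resets the counter
            return True
        # A failed attempt counts against every token assigned to this user.
        for tok in self.tokens.values():
            tok.failures += 1
            if tok.failures >= MAX_FAILURES:
                tok.enabled = False
        # Valid tokencode with a wrong PIN: treated as a found token plus PIN guessing.
        used.bad_pin_streak = used.bad_pin_streak + 1 if code_ok else 0
        if used.bad_pin_streak >= BAD_PIN_LIMIT:
            used.enabled = False
        return False

    def admin_enable(self, serial):
        """Administrator re-enables a token; the failure counter returns to zero."""
        tok = self.tokens[serial]
        tok.enabled, tok.failures, tok.bad_pin_streak = True, 0, 0
```

When reviewing a disabled token, this is why the token's own history may show no failed attempts: the failures can come from another token assigned to the same user.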
Modifying Token Extension Data
You can click Edit Token Extension Data in the Edit Token dialog box to edit the information in Token Extension records. These records contain customer-defined token information that can be accessed by custom administration programs.