Edit Fixed Passcode Lifetime and Format Requirements

Fixed passcode lifetime and format requirements are controlled by token policies assigned to each security domain. To change the fixed passcode lifetime and format settings for a security domain, you must edit the assigned token policy.

Before you begin 

Decide whether to use separate lifetime and format settings for SecurID PINs and fixed passcodes. You can change the SecurID PIN settings and apply them to fixed passcodes, or you can maintain separate settings for PINs and fixed passcodes.

Procedure 

1. In the Security Console, click Authentication > Policies > Token Policies > Manage Existing.

2. Use the search fields to find the token policy that you want to edit.

3. From the search results, click the token policy that you want to edit.

4. From the context menu, click Edit.

5. (Optional) In the SecurID PIN Lifetime section, do the following:

   • Select the Periodic Expiration checkbox if you want the SecurID PIN to expire after a specified length of time. This enables the Maximum and Minimum Lifetime fields.

   • In the Maximum Lifetime field, specify how often a PIN must be changed.

   • In the Minimum Lifetime field, specify how long users must wait between PIN changes.

   • In the Restrict Re-use field, specify the number of recent PINs a user is restricted from reusing.

6. (Optional) In the SecurID PIN Format section, do the following:

   • Use the PIN Creation Method radio buttons to select the method by which SecurID PINs are generated. PINs can be system-generated or users can create their own fixed PINs.

   • Use the Minimum Length field to specify the minimum number of characters that a PIN can contain.

   • Use the Maximum Length field to specify the maximum number of characters that a PIN can contain.

   • If you want certain words to be disallowed as passwords, from the Excluded Words Dictionary drop-down list, select a dictionary.

   • In the Character Requirements fields, choose whether to require numeric PINs or allow alphanumeric PINs. If you chose to allow alphanumeric PINs, you must enter the minimum number of each character type required for a valid PIN.

   • In the Fixed Passcode Lifetime section, you can copy the settings from the SecurID PIN Lifetime section or you can define separate setting for fixed passcodes.

7. To define separate fixed passcode lifetime settings, do the following:

   • Select the Periodic Expiration checkbox if you want the fixed passcode to expire after a specified length of time. This enables the Maximum and Minimum Lifetime fields.

   • In the Maximum Lifetime field, specify how often a fixed passcode must be changed.

   • In the Minimum Lifetime field, specify how long users must wait between fixed passcode changes.

   • In the Restrict Re-use field, specify the number of recent fixed passcodes a user is restricted from reusing.

   • In the Fixed Passcode Format section, you can copy the settings from the SecurID PIN Format section or you can define separate setting for fixed passcodes.

8. To define separate fixed passcode format settings, do the following:

   • Use the Minimum Length field to specify the minimum number of characters that a fixed passcode can contain.

   • Use the Maximum Length field to specify the maximum number of characters that a fixed passcode can contain.

   • If you want certain words to be disallowed as passwords, from the Excluded Words Dictionary drop-down list, select a dictionary.

   • In the Character Requirements fields, choose the type of characters to allow. If you choose to allow alphanumeric fixed passcodes, you must enter the minimum number of each character type required for a valid fixed passcode.

9. Click Save.