SecureID Token Activation

Introduction

You now have a SecureID token assigned to you and your Unix shell was changed to a SecureID shell.

• The PIN is similar to your bank card PIN and should be secret. Unlike a password it can be the same for all machines on which you have accounts and that simplifies remembering it. Unlike a password PIN can be quite short (4 digits).  You need to select your PIN the first time you use the token (see Token activation below.
   
• A one-time password that consists of 6 digits is generated by the token each minute. It is valid for one minute only. You should not enter it when the token is ready to generate the next one-time-password (token's time-to-live bar that is on the left side of the token's screen has almost disappeared). This password is good for only one login to a server. If you need to login twice you need to wait until the next one is generated.

The first time you enter your userid on a Unix box with the SecureID installed you should see the prompt

instead of the usual

That prompt means that your authentication will now be performed using a SecureID token. Before you start using the token, it needs to be activated (see below).

After that each time you use the token you need to enter a passcode (PIN + one_time_password). When using the SecureID token:

1. Please do not forget that the passcode consists of a PIN and a one-time password generated by the token. You need to put your PIN first and then the 6-digit one-time password.

 
2. Each one-time password is valid to one minute only. You cannot put old password if you write it down or remember it after the password changed on the token. At the beginning I recommend waiting until a token generates a new one-time-password and only then start enter you PIN and this password.   
    
3. If you entered the wrong passcode (for example novices often forget to enter the PIN, or generated one-time password changed before you finished to enter it), please wait until token generate next one-time password and then try again. 
    
4. The token generates one-time-passwords. If you try to open two or sessions one after another, you need to wait until a new passcode will be generated. So opening three sessions need approximately 3 minutes. You cannot use the same passcode for two logins.

 
5. Detachable keychain or to pull out cord is probably the best option. A small necklace pouch can also be used. Your mileage may vary. In any case please try not to forget your token at home. In this case you will need a replacement token to be issued.
    

Typical User Problems 

1. New SecureID users often forget to enter the PIN before the one-time password. If they enter generated one-time password twice they are put into "next passcode mode", see below.
    
2. New users have difficulties understanding that one-time password is active for one minute only and that you should wait for the next password to be generated by the token, if the first one was rejected by the system. The same is applicable if you need to login to several servers: you cannot use the same token-generated sequence of 6 digits twice.
    
3. If the user have entered the wrong passcode twice, he/she will be automatically put into so called "Next password mode". The latter means they will be prompted for next one-time password generated by the token, often they entered the first correct PIN+one-time-pasword combination. The second generated by the token one time password should be entered without a PIN.
    
4. If you telnet to the server and get regular prompts for the username and password, then you need to contact the Unix admin for the box to install SecureID shell for your account.
    
5. If a user forgets its PIN the PIN needs to be reset.
    
6. You cannot initialize your token using ftp. Please use telnet to do so. 

Token Activation

The very first time you use your token, you need to connect to the system using telnet, not ftp. The selection of your own secret PIN in the telnet session is called token activation. It is performed only the first time you use the token. This is a multistep process but the description below looks more complex than it actually is. You just need to be careful, and follow the instructions below step-by-step:

1. User action: Open the telnet session with any server that has your  SecureID account

   System action: You will get the usual login prompt
    

2. User action: Please enter your login id

   System action: The system should display prompt Enter PASSCODE instead of Enter password.

   jklIf you do not see this prompt please contact your system administrator.

3. User action: Please enter the 6 digit number (one-time password) displayed on your token
.

Note: At this time you do not have a PIN yet, that means that your PASSCODE will be just the 6 digits displayed on your token.)

System action: You should get prompt "Enter PIN"
 

4. User action:  Choose a combination of four to eight (4-8) letters and numbers that is meaningful to you and enter tham as you secret PIN.

   You can use one of your PINs for other cards to save yourself from memorizing yet another one. In any case try to avoid using birthdays or phone numbers, which can be easily discovered.

   System action: You should get a prompt to reenter your PIN again.
    

5. User action: reenter the same PIN you chose on the prev step.
   
   
 System action: The system will display the prompt "Enter PASSCODE" again.
 
6. User action: This time you need to enter  both the PIN and generated one-time password ( passcode)

Once you have set your PIN, the PASSCODE will become your PIN followed by the token display.

Passcode = PIN + one_time_password (generated by token)

Example:

Your PIN:	1234	This is actually a bad PIN
Token Code (one time password)	539825
New Passcode:	1234539835	Note that PIN is a prefix in the passcode

Please also note that although the token display will change, your PIN will always remain the same.

7. At this point you are done and you should get the system prompt. If you entered a combination

   
   PIN + one_time_password

   incorrectly and the system complained, please wait until one time password will change on the token (they are not reusable, they are really one-time). That also means that you cannot login to two servers using the same 6-digit one-time-password. You need to wait for the next one-time-password to login to the second server.

   You cannot login to two servers using one generated by a token 6 digit one-time-password. You need to wait for the next one-time-password to login to the second server.

   You do not need to repeat activation to other servers. They are activated automatically as soon as you activate the first server. And you need to enter Passcode=PIN + one_time_password (generated by token) combination when prompted for the PASSCODE on those servers. Just 6 digits from the token will not work.

Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotes :  Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce :  Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS :  Programming Languages History : PL/1 : Simula 67 : C : History of GCC development :  Scripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month :  How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019