-
Title
Windows Mobile Tokens Stop Working -
Description
Users are assigned a Windows Mobile soft token and are able to successfully authenticate a few times (or about a week) and then the token stops working. Any response generated by the soft token is rejected by the system. If a temporary token response is assigned, the temporary response works. -
Cause
This is an issue related to the use of UTC.
For the first five token responses the DSS has a larger time window, which is why these are working.
For the sixth token response the DSS tries to narrow the time window and the token response being provided is outside of this time window (1 hour).
If you turn on tracing for the DSS and view the DSS log you will most likely see the message "Your token is not synchronized to the current system clock. Enter the next response."
However, while entering the next token response does allow the authentication request to succeed, the next response from the device will still be out of sync, which is not correct. -
Resolution
Enhancement Request 0004407 has been created to address this issue. This has been confirmed to be in the next token release.
Workaround: Use OATH Compliant tokens rather than AES (time based) as this would not suffer from the same issue.
-
Change Request
0004407