User Guide

What is RSA SecurID?

RSA SecurID two-factor authentication is based on something you know (a password or PIN) and something you have (an authenticator or token)—providing a much more reliable level of user authentication than reusable passwords.

To access resources protected by the RSA SecurID system, users simply combine their secret Personal Identification Number or PIN (something they alone know) with the token codes generated by their authenticators (something they have). The result is a unique, one-time-use passcode that is used to positively identify or authenticate the user. If the passcode is validated by the RSA SecurID system, the user is granted access to the protected resource. If not recognized, the user is denied access.

Services, such as VPN or SSH, that require RSA SecurID for authentication also require that you install and configure the appropriate client software on your computer to connect to the VPN or SSH service. This guide does not provide information on installing or configuring clients; rather you must visit the VPN or SSH web pages for that information.

Token Types

  • Hardware Token – A small, lightweight plastic device, similar to a car remote, with a small numeric digital display. This token can be attached to a lanyard or keychain. With the hardware token, no interaction with the user desktop is required; that is, you don't have to install or maintain any software. The RSA SecurID hardware tokens are manufactured and sealed with an integral lifetime battery. No user maintenance or battery replacement is required.
  • Software Token – A small application that can be installed on a wide range of personal devices. Software tokens are available for the BlackBerry Smartphone and Apple iPhone.

Note: All RSA Tokens (hardware & software) have an expiration date. ITD will contact you with replacement instructions before your token expires.

Obtaining Tokens

  1. Read the Statement on Proper Use of Strong Authentication Tokens. (pdf)
  2. Apply for an RSA SecurID token by filling out the account request form or in person at the Account Management Office.
  3. Users will receive an email stating when they can pick up their hardware token from the Account Management Office once their account request form has been processed.

    For those who are using the BlackBerry Smartphone or Apple iPhone RSA SecurID software token, please refer to the setup instructions for each mobile device.

Set Token PIN Number

  • BNL employees can use the following methods to set their new token PIN.

    Generic Login Instructions

    • Access a service at BNL that requires the use of an RSA SecurID token (e.g., VPN client).
    • Enter your RSA SecurID token [username] and passcode [PIN + 6-digit tokencode] at the login prompt before the 60-second refresh time. Users can view the 60-second countdown timer on the left side of the token display.

    Need Help?

    Please contact the ITD Helpdesk at x5522 (631-344-5522) or send an email to if you have questions, concerns or experience any of the following issues:

    • Locked tokens
    • Lost or damaged tokens
    • Dead battery
    • Expired Tokens
    • Changing token PIN number


    Last Modified: September 23, 2013