BNL Home

RSA SecurID User Guide

Services, such as VPN or SSH, that require RSA SecurID for authentication also require that you install and configure the appropriate client software on your computer to connect to the VPN or SSH service. This guide does not provide information on installing or configuring clients; rather you must visit the VPN or SSH web pages for that information.

What is RSA SecurID?

RSA SecurID two-factor authentication is based on something you know (a password or PIN) and something you have (an authenticator or token—providing a much more reliable level of user authentication than reusable passwords.

To access resources protected by the RSA SecurID system, users simply combine their secret Personal Identification Number or PIN (something they alone know) with the token codes generated by their authenticators (something they have). The result is a unique, one-time-use passcode that is used to positively identify or authenticate the user. If the passcode is validated by the RSA SecurID system, the user is granted access to the protected resource. If not recognized, the user is denied access.

Token Types

Note: All RSA Tokens (hardware & software) have an expiration date. ITD will contact you with replacement instructions before your token expires.

Hardware Token

rsa token

A hardware token a small light weight plastic device similar to a car remote with a small numeric digital display. This token can be attached to a lanyard or keychain. With the hardware token no interaction with the user desktop is required—that is, you don't have to install or maintain any software. The RSA SecurID hardware tokens are manufactured and sealed with an integral lifetime battery. No user maintenance or battery replacement is required.

Software Token

A software token is a small application that can be installed on a wide range of personal devices. Software tokens are available for the BlackBerry Smartphone and Apple iPhone.

Obtaining Tokens

  1. Read the Statement on Proper Use of Strong Authentication Tokens (pdf).
  2. Apply for a RSA SecurID token by filling out the account request form or in person at the Account Management Office.
  3. Users will receive an email stating when they can pick up their hardware token from the Account Management Office once their account request form has been processed.
    For those who are using the BlackBerry Smartphone or Apple iPhone RSA SecurID software token, please refer to the setup instructions for each mobile device.

Set Token PIN Number

BNL employees can use the following methods to set their new token PIN:

Generic Login Instructions

  • Access a service at BNL that requires the use of a RSA SecurID token (e.g., VPN client).
  • Insert your RSA SecurID token [username] and passcode [pin + 6 digit tokencode] at the login prompt before the 60-second refresh time. Users can view the 60-second count down timer on the left-side of the token display,