Using the Authenticator Auto-Unlock

This feature enables the user to unlock his credential if he has made too many unsuccessful authentication attempts and an unlock time has been set in the authentication policy.

If the value is configured, then the authenticator is automatically unlocked at the defined reset time (number of seconds), and the user can continue to authenticate.

The Auto-Unlock feature reduces the need for an operator to manually reset the failure and/or challenge counters for a user.

Important: For increased security, the Auto-Unlock feature is disabled by default (set to 0) and the authenticator will not automatically unlock.

To enable the Auto-lock feature, you can set the number of seconds for the Disabled time reset parameter according to your requirements in the Authentication Policy.

Note: This feature includes the challenge counter auto-unlock. This auto-unlock occurs when the time since the last generated challenge equals the Disabled time reset parameter set in the Authentication Policy.

When the defined time reset is reached, the authenticator will automatically be unlocked and the user will be able to generate a challenge to perform a Challenge/Response authentication.

Authenticator locked by too many failed authentications:

If a user with this authentication policy reaches the maximum number of failed authentications, the following error message is displayed.

Authenticator locked by too many challenge generations:

If a user with this authentication policy reaches the maximum number of challenges that can be issued for an authentication record of this policy without submission of a valid response, the following error message is displayed. No more challenges can be generated.