PIN creation and management

SecureAuth Authenticate app version 5.3 or later for iOS and Android includes an optional security feature which, if configured on a SecureAuth IdP version 9.3 or later app enrollment realm, requires the setup and entry of a PIN to view the TOTP on the app.

PIN VALUE RESTRICTIONS:

  • Cannot contain consecutive, repeating digits; for example: 33333333 or 1111

  • Cannot be forward or backwards sequential; for example: 123456 or 87654321

  • Number of digits can be 4, 6, 8, or 10 only; the longer the PIN length, the higher the security setting

PIN RULES:

  • If upgrading from an earlier 5.x version of the app, then you are prompted to create a PIN and re-connect to your profile if the realm requires a PIN.

  • An account on the app must be re-enrolled for multi-factor authentication if the connected realm now requires a PIN entry.

  • If accounts on the app use different PIN lengths, then the highest security setting (maximum 10 digits) is enforced to view the TOTP on the app. To apply the highest security setting to all accounts, you must re-enroll accounts that are not using the highest security setting.

  • If multiple accounts exist on the app, you must create a new PIN whenever you:

    • Add an account that requires a higher security setting, or

    • Delete the account that used the highest security setting, leaving another account that requires a shorter PIN.

  • Adding a PIN to the Authenticate app is an additional security layer: mobile devices are still required to have a lock; otherwise, end users cannot use the app. If the device lock is disabled, all accounts are invalidated.

NOTE: Apple Watch and Android Wear OS watch integrations are not supported with the PIN-protected configuration in Authenticate app version 5.2 or later.
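
The PIN value restrictions and the multi-account rule above, written out as an added Python example (not SecureAuth code). It assumes the repeat and sequence restrictions apply to the PIN as a whole, as in the page's examples, and that 0 is treated as following 9; all function names are hypothetical.

```python
ALLOWED_LENGTHS = (4, 6, 8, 10)  # PIN lengths listed on the page


def pin_violations(pin, required_length):
    """Return the rules a candidate PIN breaks; an empty list means it passes."""
    if required_length not in ALLOWED_LENGTHS:
        raise ValueError("required_length must be 4, 6, 8 or 10")
    if not (pin.isascii() and pin.isdigit()):
        return ["digits only"]
    problems = []
    if len(pin) != required_length:
        problems.append("wrong length")
    # Assumption: the repeat rule targets a PIN made of a single digit (1111).
    if len(set(pin)) == 1:
        problems.append("repeating digits")
    # Assumption: the sequence rule targets a PIN that is one unbroken run, and
    # 0 is treated as following 9 (so 7890 is rejected as well as 123456).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps == {1}:
        problems.append("forward sequential")
    elif steps == {9}:
        problems.append("backward sequential")
    return problems


def enforced_length(account_lengths):
    """Longest PIN length required by any enrolled account, or None if no accounts."""
    return max(account_lengths) if account_lengths else None


def needs_new_pin(before, after):
    """True when adding or deleting an account changes the enforced PIN length."""
    new = enforced_length(after)
    return new is not None and new != enforced_length(before)


if __name__ == "__main__":
    # Constructed sample PINs; the first three are the page's own examples.
    for pin, length in [("33333333", 8), ("123456", 6), ("87654321", 8), ("4071", 4)]:
        print(pin, pin_violations(pin, length) or "ok")
    print(needs_new_pin([4, 6], [4, 6, 10]))  # account with a longer PIN added
    print(needs_new_pin([4, 10], [4]))        # highest-setting account deleted
```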