Advanced User Identification and Access Control Utilizing Common Login Methods

The Password Manager With Policy Master Configuration Utility

Token User Guide v2.2.0

The World’s First Password and Login Management System

Mandylion Research Labs

www.mandylionlabs.com

Getting To Know The Platform

Features and Benefits

Cautionary Notes on Password Usage

Using the Token

...About Display and User Interfaces

Operating Modes & Alarms

First Time Use

Initializing Your Unit

VIEW Mode

VIEW Mode - Normal Operational Mode

To VIEW and Scroll through All Login Records

To VIEW the Contents of a Particular Login Record

Manual EDIT Mode

To Enter EDIT Mode

To Manually Enter a Login Record’s Name

To Enter a Login Record’s Account # / User ID or Screen Name

To Auto Calculate A Password for a Login Record

To Input a Manual Password for a Login Record

To Custom Design a Password for a Login Record

OPTIONS Mode

To Enter OPTIONS Mode

To Change Your Personal Finger Authentication Pattern

To View / Change the Default Style of Passwords Auto Generated

To View and Change the Lockout Features

Automatic Renewal of Passwords

General Information & Technical Data

Warranty Information


Index

Passwords are the most common form of personal identification in use today. They have become an important part of the routine in our daily lives. We have come to accept this annoying and imperfect little form of identification. We intuitively assume passwords provide us with adequate security. The experts know differently. Hackers just snicker.

Getting to Know the Autoload Platform

The Autoload Platform is the next generation of Mandylion’s password management token technology. The Platform consists of Autoload Tokens, Policy Master Configuration Cradles and the Policy Master Configuration Software Suite.

The Token has been designed* from the ground up for the way we access and use password controlled applications. It does away with the inherent weaknesses associated with passwords: the reliance on the individual to create, remember and regularly change them.

Truly an enterprise management tool, the autoload version allows organizations to configure and control the token on behalf of the organization’s users. The organization can set and control the enterprise logins and yet still allow the user to maintain their own personal logins on the token. Mixing official and personal logins provides a benefit to the organization: it promotes a culture of security over password use.

* Designed in conformity with U.S. Military, National Institute of Standards and Technology and National Security Agency standards for the secure creation, management and use of passwords. All units comply with DoD information security guidelines D8500.1 and D8500.2; US Army Regulation 25TA; FIPS Pub. Nos. 112, 190 and 196 and NIST Special Publication 800-63 titled Electronic Authentication Guideline (9/04); NSA and Committee on National Security Systems (CNSS) National Security Telecommunications and Information Security Systems Policy No. 11 (NSTISSP #11).

Features & Benefits

Securely Stores up to 50 passwords, along with account numbers and website / application names.

Generates Strong Passwords. Patent pending kinetic circuitry actually senses your use of the unit. This aids the unit’s processor in the generation of strong passwords which thwart all known password cracking techniques including dictionary and brute force approaches. Passwords can be any length up to 14 characters or namespaces.

Preconfigurable. Can be configured by the organization on behalf of the user. Handles incremental updates as well as group passwords. The enterprise can control what the user can modify on the token.

It’s Automatic. Prompts you to change your passwords at preset intervals, then can automatically create a new one for you.

Tamper Resistant. Only the authorized user it is assigned to can turn it on. Circuitry is designed to thwart electronic bypass. Unit has user selectable lockout settings including a self destruct function.

No Software needed. Nothing to Install. Simple read out can be instantly used with any Web site or system.

Carefree Operation. Uses standard batteries. Batteries last about a year with daily use. All passwords and settings are stored in permanent and protected memory which is unaffected by battery life or loss of power.

Configuration Utility and Cradle. The autoload version of the token can be configured either manually on the token itself or via the Policy Master Configuration Utility and downloaded to the token.

Operation is Simple and Intuitive. You can use it to add convenience while improving your security anywhere you use passwords, PINs or pass codes.


Ease of Use

To use the token with your logins, you simply follow three easy steps:

• Access the password input area or screen of the Web site or system you wish to gain access to.

• Activate your token and display the stored password or memory aid to arrive at the password that you created for that site.

• Enter the password in the input area of the Web site or system as you normally would ...and you are in!

Using the token instantly provides you with a quantum leap in security protection.

For an even greater defense-in-depth security over your passwords, use the device as a memory aid to recall your actual passwords. A simple offset technique can apply something only you uniquely know to the characters displayed, to arrive at the actual password. Under this method, the passwords are never stored within the token. The device functions as a memory aid to arrive at the correct password. See FAQ’s for detail on the technique.

Cautionary Notes on Password Usage.

According to the annual FBI “TOP 20 LIST”, humanly generated, easily crackable passwords are the greatest vulnerability associated with today’s password usage.

In environments where users are either uncomfortable with, or prohibited from, writing down or electronically storing their passcodes, the token may be used as a memory aid for the management and recall of strong passwords.

To use the token in this mode, the principle of offsets is used. Rather than the token displaying and storing the actual password for a Login Record, a simple offset technique can apply something only you uniquely know to the characters displayed, to arrive at the actual password. This way the password is never stored. If the token contents were somehow revealed, they would still be unusable.

The lockout features and tampered alarms of the token, although strong, are merely deterrents to wrongful access and compromise of the device. They are part of the device's "defense in depth" strategy. When combined with the other features, controls and recommended use and possession of the device, they create a formidable barrier to wrongful access of the device.

It is always theoretically possible to defeat a singular security control, such as lockout, given enough time and persistence. Accordingly, relying on a single security feature in isolation from these other controls is not recommended. In high risk environments, Mandylion strongly recommends that users keep their tokens in their possession, remain vigilant as to possible signs of tampering and utilize the token as a memory aid (see FAQ’s).

SANS “TOP 20 LIST”: The Twenty Most Critical Internet Security Vulnerabilities, http://files.sans.org/top20.pdf


Two Ways to Enter Login Record Data

On the Token Directly. Utilizing only the token’s keypad, a user can enter or generate either automatic or custom configured passwords as well as enter identifying names and account numbers to complete their Login Record.

Download via Computer. Utilizing the Policy Master Configuration Utility, login records as well as enterprise controls over the token’s use can be easily entered onto a single or multiple tokens.

About the Display...

The Display has Three Information Areas

Main Display Area: Name; Account; or Password

Icons light to indicate the current display in Main Display Area

Mode / Indicator Lamps: Edit Mode; Option Mode & Low Battery Indicator

Using the Token

Presented below is a simple overview of the token. For full details on the use and manual configuration of the token, please see the separate manual titled the Policy Master.

...and the Manual User Interface

Only 5 Keys Control the Entire Unit:

Four Directional Arrows surrounding a center Enter/Select Key.

Up Arrow Key (▲): Scrolls up through menu selections or through character sets during data input

Enter/Select (Center) Key (●): Confirms menu selection / entry input

Left Arrow (◄): Exits any function or scrolls cursor left

Right Arrow (►): Scrolls cursor right

Down Arrow (▼): Scrolls down through menu selections or through character sets during data input

Note: The above symbols are used throughout this guide to represent the keys. The ▼▲ symbol indicates pressing the up and down arrow keys simultaneously. (Only used to switch between View, Edit and Options Modes.)

VIEW Mode. The normal operational mode for scrolling and viewing “Login Records” (a Login Record consists of three Fields: the name of the login site or system controlled by the password; the account numbers or screen name, if any; and the site’s password, either input or created).

Manual EDIT Mode. Via the token’s keypad, the mode for generating passwords as well as entering their identifying names and account numbers to complete the Login Record. With the autoload version, the Manual EDIT function can be limited by the enterprise. See Policy Master Manual.

Edit Locked. When the enter key is momentarily depressed while viewing any field in manual EDIT Mode, the Main Display area may read “Edit Locked”. This signifies that the ability to edit that field has been limited by the enterprise. See Policy Master Manual.

Enable Edit. When the enter key is depressed while viewing any field in manual EDIT Mode, the Main Display area may read “Enable Edit”. To enter manual edit mode, press the Up and Down Arrows simultaneously. To read more on Manually editing password records see the Manual Edit Mode section of this manual.

Manual OPTIONS Mode. Via the token’s keypad, this is the mode for setting the unit’s features and defaults. In OPTIONS Mode you can change your personal finger authentication pattern to access the unit; view and change the default style of password the unit auto generates; and view and change the unit’s lockout features, including its destroy function. With the autoload version, the Manual Options setting function can be limited by the enterprise. See Policy Master Manual.

Operating Modes & Alarms

Lock Out Features. To further protect from unauthorized access, there are powerful lockout features incorporated into the token’s logic. If the wrong personal finger authentication pattern is attempted repeatedly, the unit will simply shut off for a specified period of time or destroy the data.

This “mean time until compromise” feature is customizable and is generally set by the enterprise configuring the token on behalf of the user. In certain instances, the user may be allowed by the enterprise to make changes to these lockouts in the OPTIONS Mode of the unit.

Factory Default settings:

Three failed attempts at access and the unit shuts off and cannot be accessed for approximately one hour.

• Optional failed attempt thresholds include 1, 5 and 10 attempts.

• Optional lockout settings include 15 minutes, 4 hours, and 24 hours.

The unit also has a unique DESTROY setting. With this setting, the token’s logic will actually irretrievably erase and reset all Login Records, Passwords and entries if unauthorized access beyond the thresholds set is attempted.

Tampered. If you ever accidentally enter the wrong keystroke pattern or if unauthorized access to the unit is attempted, you will be discreetly warned the next time you gain access to the unit. The Main Display area will read Tampered. To clear this warning, simply press the enter key and continue to VIEW Mode.

Before you can use the token for the first time*, you must initialize the token via the initialization software utility. See the Policy Master Software and Manual.

Once the token has been initialized by the Policy Master software, you can then initialize the token to the individual user. You do this by creating and entering a personal finger authentication pattern containing 5 unique keystrokes of the arrow keys.

The initialization process is very important. Your personal finger authentication pattern grants only you the access to the protected Login Records generated and stored by the unit. It is also used as part of the initial input into the unit’s random number generator. Plan & remember this 5 keystroke sequence and change it frequently.

Hint: To help you to intuitively remember this unique finger pattern, visualize the motion or pattern your hand makes as you are entering the keystroke sequence. Remember to regularly change this sequence in OPTIONS Mode.

* With the autoload version of the token, the enterprise can preconfigure the token before the unit is initialized. This allows the organization to configure multiple tokens prior to their deployment to or interaction with the assigned individual user of the token.

First Time Use

Initializing Your Token

To Initialize the Token (this initialization step is in addition to initialization via the cradle):

Entry / Action | Display / Result

Press and momentarily hold the enter key (●). | The display will read New Code?

To create your own personal finger authentication pattern, press any combination of 5 arrow keys in any pattern. | A “star” symbol will be displayed in the Main Display Area for each arrow key you depress.

When you have pressed 5 arrow keys and the 5 “star” symbols are displayed, press the enter key (●) to accept this sequence. | The display will now read Repeat Code

Immediately re-enter your 5 keystroke personal authentication pattern to confirm and lock it in. | The display will read Accepted.

To Exit: Press the enter key (●) to enter View Mode. | The display will read View.

Note: Display will read Rejected and the process will restart if this initialization sequence is not performed correctly and/or the keystroke sequence not properly re-confirmed.

You cannot use the enter (center) key as part of your personal finger authentication pattern.

Feeling Rejected ? If the display reads Rejected before you feel you have completed the initialization process, you probably have accidentally pressed the enter key while pressing one of the arrow keys. If this is the case don’t worry, you just need to start the process over. Just press enter again, and the display will read New Code? and start again.

Tampered. In addition to the user selectable lockout and DESTROY features (see OPTIONS mode), if you ever accidentally enter the wrong keystroke pattern or if unauthorized access to the unit is attempted, you will be discreetly warned the next time you gain access to the unit. The Main Display area will read Tampered. To clear this warning, simply press the enter key and continue to VIEW Mode.
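The lockout, DESTROY and Tampered behaviour described in this guide can be modelled to compare policy settings before tokens are deployed. The Python sketch below is an added example, not Mandylion firmware: the class, function and state names are hypothetical, the failure counter is assumed to reset after each lockout, and the delay figure counts lockout time only.

```python
from dataclasses import dataclass

ARROWS = frozenset("UDLR")   # up, down, left, right; enter cannot be used
PATTERN_LEN = 5              # the guide's 5-keystroke pattern
PATTERN_SPACE = len(ARROWS) ** PATTERN_LEN   # 4**5 = 1024 patterns


@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int = 3      # factory default; options are 1, 5 and 10
    lockout_minutes: int = 60  # factory default (about one hour)
    destroy: bool = False      # DESTROY erases instead of locking out

    def __post_init__(self):
        if self.max_failures not in (1, 3, 5, 10):
            raise ValueError("threshold must be 1, 3, 5 or 10 attempts")
        if self.lockout_minutes not in (15, 60, 240, 1440):
            raise ValueError("lockout must be 15 min, 1 h, 4 h or 24 h")


def valid_pattern(pattern):
    """True for exactly five arrow keystrokes."""
    return len(pattern) == PATTERN_LEN and set(pattern) <= ARROWS


class TokenModel:
    """Toy model of the access logic; state names are hypothetical."""

    def __init__(self, pattern, policy, records):
        if not valid_pattern(pattern):
            raise ValueError("pattern must be 5 arrow keystrokes")
        self._pattern = pattern
        self.policy = policy
        self.records = dict(records)
        self.failures = 0
        self.locked_until = 0
        self.tampered = False

    def unlock(self, attempt, now_min):
        """Return 'view', 'tampered', 'denied', 'locked_out' or 'destroyed'."""
        if now_min < self.locked_until:
            return "locked_out"          # unit is off; attempt not evaluated
        if attempt == self._pattern:
            self.failures = 0
            if self.tampered:            # warn once, then clear the flag
                self.tampered = False
                return "tampered"
            return "view"
        self.tampered = True             # any wrong pattern arms the warning
        self.failures += 1
        if self.failures < self.policy.max_failures:
            return "denied"
        self.failures = 0                # assumption: counter resets here
        if self.policy.destroy:
            self.records.clear()         # all Login Records erased
            return "destroyed"
        self.locked_until = now_min + self.policy.lockout_minutes
        return "locked_out"


def worst_case_delay_hours(policy):
    """Total lockout time the policy imposes across the whole pattern space."""
    lockouts = (PATTERN_SPACE - 1) // policy.max_failures
    return lockouts * policy.lockout_minutes / 60


def guess_chance_before_destroy(policy):
    """Chance that blind guessing succeeds before DESTROY triggers."""
    return policy.max_failures / PATTERN_SPACE


if __name__ == "__main__":
    for p in (LockoutPolicy(), LockoutPolicy(10, 15), LockoutPolicy(1, 1440)):
        print(p, worst_case_delay_hours(p), "hours")
```

Because the pattern space is only 1,024 combinations, the threshold and lockout period (or DESTROY) carry most of the protection, which is why the guide treats lockout as one layer among several.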

After initializing the unit and entering/creating your Login Records, you will almost exclusively access the contents of the unit in VIEW Mode. You will only return to the other 2 modes when manually entering new or changed Login Record data (manual EDIT Mode) or when changing default settings of the unit (OPTIONS Mode).

To Enter VIEW Mode:

Entry / Action | Display / Result

Turn on your token by pressing and momentarily holding the enter key (●). | The display will read

Enter your 5 keystroke personal finger authentication pattern. | “Star” symbols are displayed as you enter pattern.

Press the enter key (●). | The display will read

To Exit: Press the left arrow key (◄) once to exit VIEW Mode. | The display will go blank and unit will shut off.

VIEW Mode - Normal Operational Mode

To View and Scroll Through All Login Records (from VIEW Mode):

Entry / Action | Display / Result

See Steps on how to enter View Mode. | The display reads

Press enter key (●). | The Main Display Area will display the Name of the first or most recently accessed Login Record stored in the unit (the Name icon will also be displayed)

Press the down arrow and/or the up arrow key (▼ or ▲) to scroll through the Login Records. | The display will cycle through the Name of each Login Record stored in the unit (the Name icon will also be displayed)

To Exit: Press the left arrow key (◄) once to exit back to VIEW Mode. | The display will read

To View the Contents of a Particular Login Record (from VIEW Mode):

Entry / Action | Display / Result

See Steps on how to enter View Mode. | The display reads

Press enter key (●). | The Main Display Area will display the Name of the first or most recently accessed Login Record stored in the unit (the Name icon will also be displayed)

Press the down arrow and/or the up arrow key (▼ or ▲) to scroll through Login Records. | The display will cycle through the Name of each Login Record stored in the unit (the Name icon will also be displayed)

Press the enter key (●) to select a particular Login Record. | The display will read the Password of the selected Login Record (the Password icon will also be displayed). If no password has been set for this Login Record, the Display will be blank with only the Password icon present.

Press the down arrow and/or the up arrow key (▼ or ▲) to view the contents of the selected Login Record. Pressing the enter key (●) will always return the display to the Password Display of the record selected. | The display will cycle through the Password, the Login Record Name and the Account Number (User ID) of the selected Login Record (the Password, Name and Account icons will light as each is selected for display)

To Exit: Press the left arrow key (◄) twice to exit back to VIEW Mode. | The display will read

Login Records are your password records and consist of three fields of data with up to 14 characters in each field: (1) the identifying Name field of the Login Record; (2) an Account Number/User ID/Screen Name field; and (3) the Password itself (either input or created).

The most convenient way to enter login records is via the Policy Master Configuration Utility software. See your administrator to see if your organization allows end users access to this software.

The Manual EDIT Mode is used exclusively for manually entering, via the Token’s keypad, the data used to create, add, and/or modify Login Records.

Manual EDIT Mode. Via the token’s keypad, a user may enter or generate either automatic or custom configured passwords as well as entering their identifying names and account numbers to complete the Login Record. With the autoload version, the Manual EDIT function can be limited by the enterprise. See Policy Master Manual.

Edit Locked. When the enter key is momentarily depressed while viewing any field in manual EDIT Mode, the Main Display area may read “Edit Locked”. This signifies that the ability to edit that field has been limited by the enterprise. See Policy Master Manual.

Enable Edit. When the enter key is depressed while viewing any field in manual EDIT Mode, the Main Display area may read “Enable Edit”. To enter manual edit mode, press the Up and Down Arrows simultaneously.

To Manually Enter a Login Record’s Name:

Entry / Action | Display / Result

See Steps on how to enter View Mode. | The display reads View

Press enter key (●). | The Main Display Area will display the Name of the first or most recently accessed Login Record stored in the unit (the Name icon will also be displayed)

Press the down arrow and/or the up arrow key (▼ or ▲) to scroll through Login Records. | The display will cycle through the Name Field of each Login Record stored in the unit. If no entry has been made in the Login Record for the Name Field, the Display will read Blank #1, 2 etc.

Press enter key (●). | To select record to be manually edited. Auto Password Display feature immediately displays the password field of the record (indicated by the password icon; if no password exists for this record, the main display area will be blank).

Press enter key (●) again. | The display will read Enable Edit. (the EDIT Mode Indicator Lamp will also be displayed)

Simultaneously press the down and up arrow keys (▼▲) to enter the manual Edit Mode. | The display will read Edit Pwd

Press the up arrow key (▲) to scroll to the Name Field. | The display will read Edit Name

Hint: The left arrow key functions as an escape key. If you find at any time you made the wrong selection or key press, just press the left arrow key and it will return you to your previous step.

Press enter key (●). | The cursor will start blinking in the first position of the Main Display Area indicating the first space of the Name Field of the Login Record selected to edit.

Press the down arrow and/or the up arrow key (▼ or ▲) to scroll through the Character Set. Once a desired character is displayed press the right arrow key (►) to scroll to the next character position. | The display will cycle through the entire printable ASCII character set for that character position in the Name Field. As you scroll through the character set, a selectable blank space is provided between each group of ASCII character types (see page 7 for chart).

Repeat process until Name is fully entered. | Scrolling right or left will bring the blinking cursor to the other character positions for their edit.

Press enter key (●) to end edit of the Name Field of the selected Login Record. | Pressing the enter key completes edit for the Name Field. The Main Display will return to read Edit

To Exit: Press left arrow key (◄ ◄ ◄) three times to exit back to VIEW Mode | The display will read View.

To Manually Enter a Login Record’s Account # / User ID / Screen Name Data:

Entry / Action | Display / Result

See Steps on how to enter View Mode. | The display reads

Press enter key (●). | The Main Display Area will display the Name of the first or most recently accessed Login Record stored in the unit (the Name icon will also be displayed)

Press the down arrow and/or the up arrow key (▼ or ▲) to scroll through Login Records. | The display will cycle through the Name Field of each Login Record stored in the unit. If no entry has been made in the Login Record for the Name Field, the Display will read Blank #1, 2 etc.

Press enter key (●). | To select record to be manually edited. Auto Password Display feature immediately displays the password field of the record (indicated by the password icon; if no password exists for this record, the main display area will be blank).

Press enter key (●) again. | The display will read Enable Edit. (the EDIT Mode Indicator Lamp will also be displayed)

Simultaneously press the down and up arrow keys (▼▲) to enter the manual Edit Mode. | The display will read

Press the down arrow key (▼) to scroll to the Account/User ID Field. | The display will read

Hint: The left arrow key functions as an escape key. If you find at any time you made the wrong selection or key press, just press the left arrow key and it will return you to your previous step.

Press enter key (●). | The cursor will start blinking in the first position of the Main Display Area indicating the first space of the Account Field of the Login Record selected to edit. Account fields not previously edited contain the word “EMPTY” in the Display.

Press the down arrow and/or the up arrow key (▼ or ▲) to scroll through the Character Set. Once a desired character is displayed press the right arrow key (►) to scroll to the next character position. | The display will cycle through the entire printable ASCII character set for that character position in the Account Field. As you scroll through the character set, a selectable blank space is provided between each group of ASCII character types (see page 7 for chart).

Repeat process until Account/User ID is fully entered. | Scrolling right or left will bring the blinking cursor to the other character positions for their edit.

Press enter key (●) to end edit of the Name Field of the selected Login Record. | Pressing the enter key completes edit for the Account Field. The Main Display will return to read

To Exit: Press left arrow key (◄ ◄ ◄) three times to exit back to VIEW Mode | The display will read View.

Manually Describing a Login Record’s Password Schema:

Users and the enterprise can specify, by Login Record, how a particular password will be generated, timestamped and renewed. This is called the password’s schema. It is the length (the number of characters in the password) of the password, the character set employed in each position of the password and expiration period of a password.

One of the most powerful capabilities of the token is its ability to generate purely random passcodes or memory aids to passcodes.

In manual mode, this is accomplished by describing the default password schema for the token and copying it into a particular login record. The schema is the length (the number of characters in the password), the character set employed in each position of the password and expiration period of a password.

Please note. Users of earlier versions of the token will note that manually specifying a record’s password schema is completely different in this latest version of the token. In addition to a new feature being added called “ReGen?”, the original “Create” and “Manual” submenu selections have been disabled.

The token’s random number generators utilize the entire typeable/printable ASCII character set of 94 characters (95 with the space bar). The following table presents the nomenclature used to describe the various subsets of this ASCII character set which can be designed into each position in the password:

User Interface Symbol | Character Set Represented | Number of Characters in the Set

X | Any printable ASCII character (the default character set in the create password option) | 94

Y | Any printable ASCII character less special characters (certain versions of internet software; cgi scripts; Java logins, etc. may not accept the special character set) | 62

N | Numbers only | 10

S | Special characters only | 31

A | Upper or lower case alpha only | 52

U | Upper case alpha only | 26

L | Lower case alpha only | 26

@ | National Character Set (mainframe convention) | 3

Z | Upper case alpha and Numbers only | 36

There are 8 possible time periods that can be set for a password’s expiration. These choices are 30 days, 45 days, 60 days, 90 days, 180 days, one year, two years and NEVER.

In addition to configuring the token via the Policy Master Software, limited password creation/input can be performed in the manual EDIT mode. The Auto Calculate feature calculates and creates passwords in accordance with the default schema programmed in the unit which can be changed at any time by the user.

Cautionary Note About the Factory Default Setting for Auto Calculation: The factory default password schema is an 8 position password of a purely random combination of the 94 printable characters, which is set to NEVER expire. This default password schema presents a password construction which will have a broad baseline of compatibility with most login systems.

All the parameters of this default password schema can be changed at any time in the OPTIONS Mode if enabled by the enterprise in the policy master software. To create cryptographically stronger passwords via this auto calculate feature, it is recommended that the user change this default schema to a combination of any of the complete printable ASCII character set, be of at least 8 characters in length and set to expire at least every 90 days.
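The schema rules above (the symbol table, the 14 character field limit, the eight expiration periods and the recommended minimums) can be checked mechanically. The Python sketch below is an added example, not Mandylion's code: the function names are hypothetical, the alphabets for S and @ are assumptions because the guide gives only their sizes, and Python's secrets module stands in for the token's own random number generator.

```python
import math
import secrets
import string

# Set sizes exactly as printed in the guide's character-set table.
GUIDE_SET_SIZES = {"X": 94, "Y": 62, "N": 10, "S": 31, "A": 52,
                   "U": 26, "L": 26, "@": 3, "Z": 36}

# Concrete alphabets (assumptions: the guide lists sizes, not members).
ALPHABETS = {
    "X": string.ascii_letters + string.digits + string.punctuation,
    "Y": string.ascii_letters + string.digits,
    "N": string.digits,
    "S": string.punctuation,   # 32 ASCII specials; the guide prints 31
    "A": string.ascii_letters,
    "U": string.ascii_uppercase,
    "L": string.ascii_lowercase,
    "@": "@#$",                # assumed mainframe national characters
    "Z": string.ascii_uppercase + string.digits,
}

MAX_FIELD_LEN = 14  # each Login Record field holds up to 14 characters
# The eight expiration choices in days; None stands for NEVER.
EXPIRY_CHOICES = (30, 45, 60, 90, 180, 365, 730, None)


def validate_schema(schema):
    """Raise ValueError unless schema is 1 to 14 known position symbols."""
    if not 1 <= len(schema) <= MAX_FIELD_LEN:
        raise ValueError("schema must be 1 to 14 positions long")
    unknown = sorted(set(schema) - set(GUIDE_SET_SIZES))
    if unknown:
        raise ValueError(f"unknown schema symbols: {unknown}")


def entropy_bits(schema):
    """Bits of entropy for a uniformly random password, per the guide's sizes."""
    validate_schema(schema)
    return sum(math.log2(GUIDE_SET_SIZES[s]) for s in schema)


def generate(schema):
    """Draw one password position by position from a CSPRNG."""
    validate_schema(schema)
    return "".join(secrets.choice(ALPHABETS[s]) for s in schema)


def audit(schema, expiry_days):
    """List where a schema falls short of the guide's recommendation."""
    validate_schema(schema)
    if expiry_days not in EXPIRY_CHOICES:
        raise ValueError("expiry must be one of the eight token choices")
    findings = []
    if len(schema) < 8:
        findings.append("shorter than 8 characters")
    if set(schema) != {"X"}:
        findings.append("not the complete printable set in every position")
    if expiry_days is None or expiry_days > 90:
        findings.append("does not expire at least every 90 days")
    return findings


if __name__ == "__main__":
    # Factory default: 8 positions of X, set to NEVER expire.
    print(round(entropy_bits("XXXXXXXX"), 1), audit("XXXXXXXX", None))
    # A numeric PIN schema for comparison.
    print(round(entropy_bits("NNNN"), 1), audit("NNNN", 180))
    print(generate("UUNN@"))
```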

To AutoCalculate a Password for a Login Record:

Users can specify, by Login Record, how a particular password will be generated, timestamped and renewed. This is most easily done utilizing the Policy Master software that comes with the autoload version of the token. If, however, a user wishes to create a unique schema for a particular login record, it can also be accomplished manually via the input keys on the token. This is accomplished by describing the default password schema for the token and copying it into a particular login record.

Entry / Action | Display / Result

See Steps on how to enter View Mode. | The display reads

Press enter key (●). | The Main Display Area will display the Name of the first or most recently accessed Login Record stored in the unit (the Name icon will also be displayed)

Press the down arrow and/or the up arrow key (▼ or ▲) to scroll through Login Records. | The display will cycle through the Name Field of each Login Record stored in the unit. If no entry has been made in the Login Record for the Name Field, the Display will read Blank #1, 2 etc.

Press enter key (●). | To select record to be edited. Auto Password Display feature immediately displays the password field of the record.

Press enter key (●). | The display will read Enable Edit. (the EDIT Mode Indicator Lamp will also be displayed)

Simultaneously press the down and up arrow keys (▼▲) to enter the Edit Mode. | The display reads

Press enter key (●). | The display reads

Press enter key (●). | A purely random password will be generated and displayed in the main display area. This password’s construction will comply with the currently set default password schema. To change the default schema at any time, see Options Mode.

Press enter key (●). | Pressing the enter key accepts the displayed password as the password for the login record. The Main Display will return to read wd? If a password already existed, the display will read Vi (see page 15 for Working with Login Records which already contain a password)

To View the Password Auto Generated and Selected, Press left arrow key (◄) once. | Password will be Displayed.

To Exit after viewing password: Press left arrow key (◄ ◄) twice to exit back to VIEW Mode. | The display will read View

How Do I Re-Generate a Password? If, for any reason, you prefer a different password than the one displayed, this latest version of the token has a new feature which allows for the regeneration of passwords on the fly. See “Re-Generating Passwords Feature” on page 14.

What if a Password already exists? For Login Records which already contain a password, follow the step sequence described in “Working with and Viewing Login Records that Already Contain a Password” on page 15.


On the Fly Re-Generating Passwords Feature:

If, for any reason, you prefer a different password than the one currently displayed, the token has a new feature which allows for the regeneration of passwords on the fly.

Entry / Action

See Steps on how to enter Edit Mode for a particular login record.

Simultaneously press the down and up arrow keys

( VAo enter the Edit Mode. Press enter key (@ ).

Press enter key (@).

Press left arrow key ( S| ) once.

Display / Result

The display will read E7 : (the EDIT Mode Indicator Lamp will also be displayed)

The display reads

The display reads 4

A purely random password will be generated and displayed in the main display area. This password’s construction will comply with the currently set default password schema. To change the default schema at any time, see Options Mode.

The display reads 2

Entry / Action (continued)

Press enter key.

Press enter key OR press left arrow key again.

Press the enter key to view the new calculated/input password.

Press the down arrow key to scroll down to view the old password.

Press the enter key.

** To erase the old password, press the down arrow key to scroll down.

Press the enter key.

Press the enter key.

To Exit: Press left arrow key twice to exit back to VIEW Mode.

Display / Result (continued)

A new purely random password will be generated and displayed in the main display area.

Pressing the enter key accepts the displayed password as the password for the login record.

If, rather than accepting the displayed password, you press the left arrow key, the display reads ReGen? Pressing the enter key again displays another random password fitting the Login Record’s schema. Press enter to accept.

When accepting the password, the display does not return to Edit Pwd? but reads View New (the Password icon will be blinking).

The display presents the purely random password as generated for that Login Record utilizing the default schema by the AutoGenerate function.

The display reads View Old

The display presents the existing (old) password to be replaced for the Login Record.

The display reads Erase Old

The display reads Confirm

The display reads Erased

Unit will return to VIEW Mode. The display reads View

** Note A: Alternatively, if you do not wish to erase the old password, you can keep it indefinitely in the Login Record. To keep the old password, simply press the left arrow key twice to exit the erase sequence. If you elect to not erase the old password in this manner, each time you subsequently access that Login Record, you will be able to view the new and old passwords for the Login Record selected.

Special Instructions for Working with and Viewing Login Records that Already Contain a Password:

In creating a password for a Login Record, the token utilizes the existing schema for that particular Login Record, if one already exists. This assures that each new password generated for that Login Account will continue to work with the account in accordance with the policy set for it.

The procedure to follow and the interaction which takes place when manually generating or editing a password schema for a Login Record which already contains a password is slightly different than that for a Login Record where no previous password schema has been generated or edited.

Instead of viewing the new password as indicated in the previous Manual EDIT sequences, this interaction is as follows:

• The Token presents the New and Old Passwords;

• The user must enter and confirm the new password as well as delete the old password contained in the Login Record of the autoload.
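The schema-preserving regeneration and the new/old password handling described above, sketched in Python as an added example (not Mandylion's firmware and not code from this guide). The `Schema` format, the `LoginRecord` class and its method names are assumptions made for illustration.

```python
import secrets
import string
from dataclasses import dataclass

# Assumption: the guide does not define the schema format; this one is hypothetical.
@dataclass(frozen=True)
class Schema:
    length: int
    classes: tuple  # disjoint character sets; each must contribute at least one character

DEFAULT_SCHEMA = Schema(12, (string.ascii_lowercase, string.ascii_uppercase, string.digits))

def complies(password, schema):
    alphabet = "".join(schema.classes)
    return (len(password) == schema.length
            and all(ch in alphabet for ch in password)
            and all(any(ch in cls for ch in password) for cls in schema.classes))

def generate(schema):
    # CSPRNG draw over the whole alphabet; non-compliant draws are rejected and redrawn.
    alphabet = "".join(schema.classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(schema.length))
        if complies(candidate, schema):
            return candidate

@dataclass
class LoginRecord:
    name: str
    schema: Schema = None     # set once a password has been accepted
    password: str = None      # current ("new") password
    old_password: str = None  # previous password, kept until erased
    pending: str = None       # candidate on display, not yet accepted

    def auto_generate(self):
        # Existing record: reuse its schema. Calling again models "ReGen?".
        self.pending = generate(self.schema or DEFAULT_SCHEMA)
        return self.pending

    def accept(self):
        if self.pending is None:
            raise ValueError("no candidate to accept")
        self.schema = self.schema or DEFAULT_SCHEMA
        if self.password is not None:
            self.old_password = self.password  # shown as the old password
        self.password, self.pending = self.pending, None

    def erase_old(self):
        self.old_password = None  # skipping this keeps old and new side by side
```

Keeping `old_password` until `erase_old()` mirrors Note A: the previous credential stays available until the user has confirmed that the new one works on the account.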


The following table describes this modified interaction with the Token.

Entry / Action

After completing the input sequences on page 13.

Press the enter key to view the new calculated/input password.

Press the down arrow key to scroll down to view the old password.

Press the enter key.

** To erase the old password, press the down arrow key to scroll down.

Press the enter key.

Press the enter key.

To Exit: Press left arrow key twice to exit back to VIEW Mode.

Display / Result

The display does not return to Edit Pwd? but reads View New (the Password icon will be blinking)

The display presents the purely random password as generated for that Login Record utilizing the default schema by the AutoGenerate function.

The display reads View Old

The display presents the existing (old) password to be replaced for the Login Record.

The display reads Erase Old

The display reads Confirm

The display reads Erased

Unit will return to VIEW Mode. The display reads View

** Note A: Alternatively, if you do not wish to erase the old password, you can keep it indefinitely in the Login Record. To keep the old password, simply press the left arrow key twice to exit the erase sequence. If you elect to not erase the old password in this manner, each time you subsequently access that Login Record, you will be able to view the new and old passwords for the Login Record selected.

OPTIONS Mode

Default Settings, Preferences and Lockouts

In OPTIONS Mode, you can:

• Change your personal finger authentication pattern to the unit;

• View and change the default style of password the unit auto generates (if allowed by administrator settings; see Policy Master Manual);

• View and change the unit’s lockout features including its destroy function (if allowed by administrator settings; see Policy Master Manual); and

• Change the default sleep settings (if allowed by administrator settings; see Policy Master Manual).

To enter OPTIONS Mode (from VIEW Mode):

Entry / Action | Display / Result

See Steps on how to enter View Mode. | The display reads View

Simultaneously press the down and up arrow keys to enter the OPTIONS Mode. | The display reads Options (the OPTIONS Mode Indicator Lamp will also be displayed)

Press enter key. | The Main Display Area will display the first OPTIONS Mode menu item Code ?

To Exit: Press the left arrow key | The display will read View