Generate passcodes on macOS

Your SafeNet MobilePASS+ tokens can be configured by your system administrator to generate passcodes using one of the following methods:

• Time-based: When you unlock a time-based token, the OTP displays and a countdown icon shows a countdown until next refresh. As long as the token is unlocked, the OTP refreshes automatically.

• Event-based: When you unlock an event-based token, either a greyed-out icon (meaning the OTP cannot be refreshed) or a refresh icon (that must be tapped to refresh the OTP) displays.

• Challenge-Response: When you unlock a challenge-response token, you are prompted to enter a challenge code before the OTP displays. When the token is unlocked, select the refresh icon and enter a challenge to generate another OTP.

Your SafeNet MobilePASS+ app can contain multiple SafeNet MobilePASS+ tokens, configured with different passcode generation methods.

Generate a passcode with a time-based token

If you are using a time-based token, the passcode is generated automatically after the specified time interval has elapsed. When a new passcode is generated, the previous passcode is no longer valid.

1. Open the SafeNet MobilePASS+ app.

2. If there is more than one token, select the required token.

   

3. If your token is PIN-protected, enter the PIN, or if available, use Touch ID.

   The PIN entered must be in accordance with the policy set by your system administrator. For example, the minimum length and character types required.
   You are allowed only a certain number of attempts to enter the correct PIN, depending on how many permitted retries your administrator has defined. If you exceed the number of allowed retries, your token must be re-enrolled.

   After you successfully authenticate, the passcode displays for each time-based token. The passage of time displays on the time-elapsed icon. A new passcode displays at the end of the specified time-interval.

   

4. To copy the passcode to the clipboard, select the passcode.

   As a security best practice Thales Group recommends that users do not use the copy and paste function for the OTP or enrollment strings because the clipboard is shared among all applications running on a device.

Generate a passcode with an event-based token

Event-based tokens are so-called because they require an event to generate the passcode. In SafeNet MobilePASS+, the event is the instant that you select the refresh button. The passcode is valid until another passcode is generated.

1. Open the SafeNet MobilePASS+ app.

2. If there is more than one token, select the required token.

3. If your token is PIN-protected, enter the PIN, or if available, use Touch ID.

   The PIN entered must be in accordance with the policy set by your system administrator. For example, the minimum length and character types required.
   You are allowed only a certain number of attempts to enter the correct PIN, depending on how many permitted retries your administrator has defined. If you exceed the number of allowed retries, your token must be re-enrolled.

   After you successfully authenticate, the passcode displays for each event-based token.

4. To generate a new passcode, select the generate icon .

   

5. To copy the passcode to the clipboard, select the passcode.

   

   As a security best practice Thales Group recommends that users do not use the copy and paste function for the OTP or enrollment strings because the clipboard is shared among all applications running on a device.

Generate a passcode with a challenge-response token

To generate a passcode on a challenge-response token, you must first receive the challenge code. To receive the challenge code, follow the procedure used in your organization.

1. Open the SafeNet MobilePASS+ app.

2. If there is more than one token, select the required token.

3. If the token is PIN-protected, enter the PIN, or if available, use Touch ID.

   The PIN entered must be in accordance with the policy set by your system administrator. For example, the minimum length and character types required.
   You are allowed only a certain number of attempts to enter the correct PIN, depending on how many permitted retries your administrator has defined. If you exceed the number of allowed retries, your token must be re-enrolled.

4. Enter the challenge code in the field provided and then select OK.

   

   The passcode displays.

5. To generate another passcode, select Enter Challenge, and then repeat the process.