Your suggested change has been received. Thank you.

STA documentation
- Explore Thales Docs

SafeNet Trusted Access
SafeNet Agents
SafeNet MobilePASS+
API references
Account management
Release notes

All

All
CipherTrust Manager
CipherTrust Application Data Protection (CADP)
CipherTrust Application Key Management (CAKM)
CipherTrust Batch Data Transformation (BDT)
CipherTrust Cloud Key Management (CCKM)
CipherTrust Data Discovery and Classification (DDC)
CipherTrust Data Protection Gateway (DPG)
CipherTrust Database Protection (CDP)
CipherTrust Intelligent Protection (CIP)
CipherTrust Integrations
CipherTrust Migrations
CipherTrust RESTful Data Protection (CRDP)
CipherTrust Transparent Encryption (CTE)
CipherTrust Transparent Encryption Userspace (CTE-U)
CipherTrust Secrets Management (CSM)
CipherTrust Vaulted Tokenization (CTE-V)
CipherTrust Vaultless Tokenization (CT-VL)
CTE-Linux
CTE-Windows
CTE-AIX
CTE-K8s
CTE-U
Data Protection on Demand
Luna Cloud HSM
Luna Network HSM
Luna PCIe HSM
Luna USB HSM
OneWelcome Identity Platform
ProtectApp LUKS
ProtectServer 2 HSM
ProtectServer 3 HSM
SafeNet Trusted Access (STA)
SafeNet MobilePASS+
SafeNet MobilePASS+ for Android
SafeNet MobilePASS+ for Chrome
SafeNet MobilePASS+ for macOS
SafeNet MobilePASS+ for iOS
SafeNet MobilePASS+ for WatchOS
SafeNet MobilePASS+ for Widows
SafeNet Synchronization Agent
SafeNet Logging Agent
SafeNet Agent for FreeRADIUS
SafeNet Agent for NPS
SafeNet Agent for Windows Logon
SafeNet Authentication Service Private Cloud Edition (SAS PCE)
SafeNet Remote Logging Agent
SafeNet Keycloak Agent
SafeNet IDPrime Virtual (IDPV)
SafeNet FIDO Key Manager
SafeNet FIDO Key Manager for Android
SafeNet FIDO Key Manager for iOS
SafeNet FIDO Key Manager for Windows

SafeNet MobilePASS+ for macOS

Generate passcodes on macOS

SafeNet MobilePASS+
SafeNet MobilePASS+ for Android
- Enroll MobilePASS+ on Android
- Third-party authenticators on Android
- Biometric PINs on Android
- Generate passcodes on Android
- Push OTP on Android
- Authenticator PINs on Android
- Manage authenticators on Android
- MobilePASS+ info on Android
SDK for Android and iOS
SafeNet MobilePASS+ for Chrome OS
- Enroll on Chrome OS
- Generate passcodes on Chrome OS
- Push OTP on Chrome OS
- Authenticator PINs on Chrome OS
- Rename and delete on Chrome OS
- View information on Chrome OS
SafeNet MobilePASS+ for iOS
- Enroll MobilePASS+ authenticators on iOS
- Third-party authenticators on iOS
- Biometric PINs on iOS
- Generate passcodes on iOS
- Push OTP on iOS
- Authenticator PINs on iOS
- Manage authenticators on iOS
- View information on iOS
SafeNet MobilePASS+ for macOS
- Enroll on macOS
- Generate passcodes on macOS
- Push OTP on macOS
- Authenticator PINs on macOS
- Rename and delete on macOS
- View information on macOS
SafeNet MobilePASS+ for watchOS
SafeNet MobilePASS+ for Windows
- Enroll MobilePASS+ authenticators on Windows
- Third-party authenticators on Windows
- Generate passcodes on Windows
- Push OTP on Windows
- Change the Authenticator PIN
- View information on Windows
- Rename and delete on Windows
- Share authenticators on Windows
- Accessibility support for MobilePASS+
- Frequently asked questions
- Troubleshooting
- Terminology
MobilePASS+ frequently asked questions
SafeNet MobilePASS+ terminology

STA documentation
SafeNet MobilePASS+
SafeNet MobilePASS+ for macOS
Generate passcodes on macOS

Generate passcodes on macOS

Your SafeNet MobilePASS+ authenticators can be configured by your system administrator to generate passcodes using one of the following methods:

Time-based: When you unlock a time-based authenticator, the OTP displays and a countdown icon shows a countdown until next refresh. As long as the authenticator is unlocked, the OTP refreshes automatically.
Event-based: When you unlock an event-based authenticator, either a greyed-out icon (meaning the OTP cannot be refreshed) or a refresh icon (that must be tapped to refresh the OTP) displays.
Challenge-Response: When you unlock a challenge-response authenticator, you are prompted to enter a challenge code before the OTP displays. When the authenticator is unlocked, select the refresh icon and enter a challenge to generate another OTP.

Your SafeNet MobilePASS+ app can contain multiple SafeNet MobilePASS+ authenticators, configured with different passcode generation methods.

Note

The number of pending login requests is displayed at the bottom of the app screen.

pending login requests

Sending the app to the background or exiting the app locks all of the authenticators.

Generate a passcode with a time-based authenticator

If you are using a time-based authenticator, the passcode is generated automatically after the specified time interval has elapsed. When a new passcode is generated, the previous passcode is no longer valid.

Open the SafeNet MobilePASS+ app.
If there is more than one authenticator, select the required authenticator.
If your authenticator is PIN-protected, enter the PIN, or if available, use Touch ID.

Note
The PIN entered must be in accordance with the policy set by your system administrator. For example, the minimum length and character types required.
You are allowed only a certain number of attempts to enter the correct PIN, depending on how many permitted retries your administrator has defined. If you exceed the number of allowed retries, your authenticator must be re-enrolled.

After you successfully authenticate, the passcode displays for each time-based authenticator. The passage of time displays on the time-elapsed icon. A new passcode displays at the end of the specified time-interval.
To copy the passcode to the clipboard, select the passcode.

Note
As a security best practice Thales Group recommends that users do not use the copy and paste function for the OTP or enrollment strings because the clipboard is shared among all applications running on a device.

Generate a passcode with an event-based authenticator

Event-based authenticators are so-called because they require an event to generate the passcode. In SafeNet MobilePASS+, the event is the instant that you select the refresh button. The passcode is valid until another passcode is generated.

Open the SafeNet MobilePASS+ app.
If there is more than one authenticator, select the required authenticator.
If your authenticator is PIN-protected, enter the PIN, or if available, use Touch ID.

Note
The PIN entered must be in accordance with the policy set by your system administrator. For example, the minimum length and character types required.
You are allowed only a certain number of attempts to enter the correct PIN, depending on how many permitted retries your administrator has defined. If you exceed the number of allowed retries, your authenticator must be re-enrolled.

After you successfully authenticate, the passcode displays for each event-based authenticator.
To generate a new passcode, select the generate icon .
To copy the passcode to the clipboard, select the passcode.

Note
As a security best practice Thales Group recommends that users do not use the copy and paste function for the OTP or enrollment strings because the clipboard is shared among all applications running on a device.

Generate a passcode with a challenge-response authenticator

To generate a passcode on a challenge-response authenticator, you must first receive the challenge code. To receive the challenge code, follow the procedure used in your organization.

Open the SafeNet MobilePASS+ app.
If there is more than one authenticator, select the required authenticator.
If the authenticator is PIN-protected, enter the PIN, or if available, use Touch ID.

Note
The PIN entered must be in accordance with the policy set by your system administrator. For example, the minimum length and character types required.
You are allowed only a certain number of attempts to enter the correct PIN, depending on how many permitted retries your administrator has defined. If you exceed the number of allowed retries, your authenticator must be re-enrolled.
Enter the challenge code in the field provided and then select OK.

The passcode displays.
To generate another passcode, select Enter Challenge, and then repeat the process.

On this page

Generate a passcode with a time-based authenticator
Generate a passcode with an event-based authenticator
Generate a passcode with a challenge-response authenticator

SafeNet Trusted Access

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Print

Suggest An Edit

Download this Page

Download Project

Copy Link

Copy Link

Copy Link