Change of the server PIN

The server personal identification number (server PIN) is a PIN required for authentication, which you need to type in the authentication password field in addition to the one-time password (OTP). It is verified by the authentication server.

The server PIN is optional. Whether it is required is specified in the Digipass authenticator setup on the server side.

Before you begin

To change a server PIN you need:

• Digipass Authentication for Windows Logon Credential Provider or Digipass Authentication for Windows Logon Tray Agent installed
• the current server PIN
• to choose a strong server PIN which cannot be easily guessed, but which you can still easily remember

Do not record your server PIN either in writing or electronically, and do not disclose it to anyone (including supervisors or co-workers)!

Change a server PIN

To change a server PIN you can use Digipass Authentication for Windows Logon Tray Agent, if installed. On Windows 10, Windows Server 2016, or later, you can change a server PIN directly using Digipass Authentication for Windows Logon Credential Provider via the Windows logon screen.

To change a server PIN using the Windows logon screen

1. Log on to Windows.
2. Press CTRL+ALT+DELETE to get to the Windows logon screen.
3. Click Change a password.
4. If you have not logged on using your Digipass authenticator, click Other Credentials and select the Change Digipass Server PIN user tile for your account.

   If one or more users are already logged on, several Digipass Authentication user tiles may be available.

   

   Changing the server PIN via the Windows logon screen

5. If required, type your static password in the Password field.

   Whether you need to type your static password depends on the OneSpan Authentication Server configuration.

6. Generate a new one-time password (OTP) with your Digipass authenticator.
7. Type the generated OTP in the OTP field.
8. Type the current server PIN in the Current PIN field.
9. Type and confirm a new server PIN in the New PIN and Confirm PIN fields.

To change a server PIN using Digipass Authentication for Windows Logon Tray Agent

1. Select Change Server PIN in the Digipass Authentication for Windows Logon Tray Agent shortcut menu to display the Change Server PIN dialog.

   

   Changing server PIN using Digipass Authentication for Windows Logon Tray Agent

2. If required, type your static password in the Password field.

   Whether you need to type your static password depends on the OneSpan Authentication Server configuration.

3. Generate a new one-time password (OTP) with your Digipass authenticator.

4. Type the generated OTP in the OTP field.

5. Type the current server PIN in the Current PIN field.
6. Type and confirm a new server PIN in the New PIN and Confirm new PIN fields.
7. Click Change.

   Change remains disabled until you type values in all fields, except for the Password field, which is optional.

Additional considerations

• The OneSpan Authentication Server administrator may enforce changing the server PIN. In this case, you will be requested to change the server PIN at the next authentication.
• The system administrator may restrict access to certain program features. If Change Server PIN is not available, it may be disabled.
• The static password is used for back-end authentication. Whether you need to type your static password in the Password field depends on the OneSpan Authentication Server configuration.
• If you provide correct OTP credentials and server PIN, but type a wrong static password, the server PIN is changed anyway.

If you are the system administrator or OneSpan Authentication Server administrator:

• You need to provide information about whether the static password is required when changing the server PIN. OneSpan Authentication Server uses the static password for back-end authentication and requires it to keep track of password changes, if you enable the Back-End Authentication option in your policy. You do not need to provide it if you have OneSpan Password Synchronization Manager (PSM) installed. However, this is of course not applicable when password randomization is used.

  For more information, refer to the OneSpan Authentication Server Administrator Reference