Change RSA SecurID lockout policy?

We have a SecurID appliance running Auth Manager 6.1.  It seems as though the account lockout threshold is after 3 failed login attempts.  Is there a way to increase this?  We have found that people will repeatedly key in a wrong password 2-3 times thinking they mistyped it before realizing that they're using the wrong password, at which point they're already locked out.  This is a big inconvenience for us because it requires an administrator to unlock them, and it's getting old having to get out of bed at midnight to do this.  I looked through Auth Manager but could not find a setting to adjust the lockout settings.  Hopefully someone else can offer some insight.
LVL 3
FWestonAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CoccoBillCommented:
From the RSA Authentication Manager 6.1 Administrator’s Guide:

The RSA Authentication Manager system requires that some false passcode entries be
tolerated. System security demands that intruders be prevented from trying one entry
after another until a lucky guess results in a successful authentication. You can specify
in RSA Authentication Manager the number of incorrect authentication attempts to
accept before taking each of the following actions:
• Putting the token into Next Tokencode mode
• Disabling the token

To configure Agent management of incorrect passcodes on a Windows server:
1. Click Start > Programs > RSA Security > RSA Authentication Manager
Configuration Tools > RSA Authentication Manager Configuration
Management.
2. Click Agent.
3. Enter the configuration values for each Agent type.
4. Click OK.
5. Click OK.
6. Repeat these steps on all servers in the realm as this information is not replicated.
For more information, see “Agent Host Passcode Configuration” on page 242.

You can set "incorrect passcodes before next token code" and " incorrect passcodes before disabling token". The default values are 3 for next token code and 10 for disabling.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FWestonAuthor Commented:
Perfect, thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.