Automatically accommodate out-of-sync hardware tokens

You can adjust the time-step window for hardware tokens to automatically accommodate token drift. When the internal clock of the hardware token drifts too far from the correct time, the token displays invalid codes. If you increase the time-step window, any code within that window is valid, even if the token is out of sync.
For example, if you set the time-step window to "2", the code that is displayed on the token is accepted as a valid code if it precedes or follows the expected code by two refresh intervals. In this example, if the code displayed on the token is the third code preceding or following the expected code, the code would be considered invalid and the One-Time Password would be rejected.
This setting adjusts the time-step window for all hardware tokens. Adjust the time-step window according to the number of refresh intervals by which you think the tokens are out of sync.
  1. In the management console, click
    Settings > External Integration
    .
  2. Click
    BlackBerry 2FA one-time password tokens
    .
  3. In the
    Time-step window
    field, click .
  4. Enter a value between 0 and 50. The default value is 3. To accept only the expected code, which may or may not match the code displayed on the token, set the time-step window value to 0.
  5. Click
    Update
    .