Automatically accommodate out-of-sync hardware tokens
You can adjust the time-step window for hardware tokens to automatically accommodate token drift. When the internal clock of the hardware token drifts too far from the correct time, the token displays invalid codes. If you increase the time-step window, any code within that window is valid, even if the token is out of sync.
For example, if you set the time-step window to "2", the code that is displayed on the token is accepted as a valid code if it precedes or follows the expected code by two refresh intervals. In this example, if the code displayed on the token is the third code preceding or following the expected code, the code would be considered invalid and the One-Time Password would be rejected.
This setting adjusts the time-step window for all hardware tokens. Adjust the time-step window according to the number of refresh intervals by which you think the tokens are out of sync.
- In the management console, clickSettings > External Integration.
- ClickBlackBerry 2FA one-time password tokens.
- In theTime-step windowfield, click .
- Enter a value between 0 and 50. The default value is 3. To accept only the expected code, which may or may not match the code displayed on the token, set the time-step window value to 0.