J.P. Morgan Access RSA Securid Software Token Faqs

Total Page:16

File Type:pdf, Size:1020Kb

J.P. Morgan Access RSA Securid Software Token Faqs J.P. Morgan Access® RSA SecurID® Software Token FAQs This guide is confidential and proprietary to J.P. Morgan and is provided for your general information only. It is subject to change without notice and is not intended to be legally binding. All services described in this guide are subject to applicable laws and regulations and service terms. Not all products and services are available in all locations. Eligibility for particular products and services will be determined by JPMorgan Chase Bank, N.A. or its affiliates. J.P. Morgan makes no representation as to the legal, regulatory or tax implications of the matters referred to in this guide. J.P. Morgan is a marketing name for the Wholesale Payments businesses of JPMorgan Chase Bank, N.A., member FDIC, and its affiliates worldwide. JPMorgan Chase Bank, N.A., organized under the laws of U.S.A. with limited liability. ©2020 JPMorgan Chase & Co. All rights reserved. April 2020 What is happening with my security token? A If you use an RSA SecurID® security token, you will have a new software token option. This change is part of the J.P. Morgan Access Administration credential management enhancements introduced to select clients on June 10, 2019. When will the RSA SecurID® software token be available to all clients? A The RSA SecurID software token is scheduled for general availability in late August 2019. Can I change from the hardware version of the RSA SecurID® token to the software version? A If you are an active user with the hardware version of the RSA SecureID token, a Security Administrator (SA) can assign you with a software token. Once this is done, you will receive a text message with the software token activation code and a notification email, which will have the RSA Secure ID Soft Token Registration instructions in an Adobe® PDF format attached. You can use either a hardware token or a software token; you cannot use both. Please note that you must have a mobile number in your Access profile before a software token is assigned to you. This will allow you to receive an activation code to register the software token. I haven’t received the software token activation code. What do I do now? A Please contact your Security Administrator and ask them to resend the activation code. If you are an existing Access user who has logged in using the software token, you will not receive an activation code. Note to Security Administrators: Go to Edit User Select User Click on Resend Activation code. You should always check if the end user’s mobile device number is correct in Administration-Credential Management. Where can I download the software token app? Which mobile devices is the J.P. Morgan Access® RSA SecurID® Software Token app compatible with? A You can open either the Apple® App Store® or Google PlayTM store on your Apple iOS® or AndroidTM mobile devices. Search for the “RSA SecurID® Software Token” app, and download the app. Be sure you are able to access the Apple App Store or Google Play Store, which typically require a personal authentication on your mobile device before allowing the download. At this time, Apple iOS or Android mobile devices are compatible with the J.P. Morgan Access RSA SecurID Software Token” app. If I am a new J.P. Morgan Access® user or a current user who was migrated to a software token, how will I receive the software token instructions? A Once your Security Administrator sets you up with a software token, you will receive two emails: • One email will contain the User ID and two documents attached: the J.P. Morgan Access® New User Quick Start Guide and RSA Secure ID® “Registering a Software Token on your device” registration instructions in an Adobe® PDF format. • The second email will contain a temporary password and instructions for setting up a new password. Note to Security Administrators: Any user that is provisioned with a software token will be automatically converted to an Alternate Logon User (ALU-HSM) status, which has additional password rules. Can the software token be used with J.P. Morgan Access® Mobile? A Yes, if you are entitled to the Mobile application. You will need to log on to Access via a desktop or laptop with the software token first. After the first logon, you will be able to use the software token with Mobile. What should I do with my existing hardware token? A You can hold on to the hardware token until you are comfortable with using the software token. If you no longer need the hardware token, please mail or courier it to: Attention: J.P. Morgan Access Expired Tokens 10410 Highland Manor Drive - Floor 03 Tampa, FL, 33610-9128, United States Why should I use a software token rather than a hardware token? A In general, software tokens have certain advantages over hardware tokens. For example, they can’t be lost, they can be automatically updated with the latest protections, and they can be distributed to users on demand, anywhere on the globe. This eliminates the need to carry around an additional piece of hardware, and software tokens have been incorporated into most smartphones in the form of an app. Do I have to convert to a software token? Will J.P. Morgan Access® get rid of hardware tokens? A At this time, Access will continue to support hardware tokens. You should speak with your Security Administrator for any additional details about your company’s needs related to hardware and software tokens. Is it defined at the Client level whether a user has a software or hardware token? A Note to Security Administrators: In Administration Credential Management CLIENT LEVEL CLIENT PREFERENCES, there are three Default Settings: • ENABLED – allows users to be enabled to software tokens by default • DISABLED – Software token will not be available; The Security Administrator can only assign hardware tokens • OPTIONAL – Software token will be available to users, and the SA can choose which users to assign hardware tokens vs. software tokens Does the software token require additional authentication? How do I use the RSA SecurID® Software Token App? A The RSA SecurID Software Token App is readily available for use once it is successfully registered. You do not need any additional authentication to open the application, since your mobile device typically will have an authentication method (for example, password, swipe, fingerprint, facial recognition, etc.). Simply open the app on your mobile device, and enter the six-digit code along with your User ID and Password on the J.P. Morgan Access® Log On page. Can the Token be renamed in the app? A Yes. Follow these steps: 1. Choose the Menu option. 2. Select Settings (the gear icon) for the token you want to rename. From the menu that displays, tap Rename Token. 3. Edit the token name. Tap Ok to save the new name. When migrating an end user to a software token, at what point will the RSA SecurID® hardware token no longer be able to be used? A Once the approval process is completed (for example, Security Administrator 2 approves the software token), the end user’s hard token can no longer be used. The end user will need to go through the process of downloading, registering, and activating the software token on their mobile device. Note: End users can only have one Security credential type – either hard token or soft token – not both. How do I download and import the J.P.Morgan Access® software token if I already have an existing RSA SecurID® software token? First, tap the RSA Software token app on your mobile device to launch the app. Then do the following: 1. Tap the Menu icon to display the Token list screen. 2. From the Welcome screen, tap the + icon (Apple device) or Import Token (Android device). 3. Select either Scan QR Code or Enter Link. For this example, we will chose Enter Link. 4. Copy the URL from the RSA Soft Token Registration instructions provided by your Security Administrator and paste it into the import token field on the next screen. Or you can manually enter the URL into the import token field. (Be sure to copy the correct URL for your mobile device – iOS, or Android.) 5. On the next screen, enter your activation code to complete the import of the token. 6. Once successfully imported, a "Token successfully imported." acknowledgement message will display. Tap OK. Notes: • Once the token is successfully imported, the six-digit Token Code will display. When you are ready to log on to Access, enter this number in the Token Code field in the Access Log On page. • If you are entitled to Access Mobile, after an initial log on using a desktop or laptop, you can copy the Token Code from the RSA app by clicking the Copy icon, and pasting it into the Mobile app's Token Code field. How can I toggle from the J.P. Morgan Access® software token to another company’s software token? A From the JPMA Soft Token screen, tap the menu button. From the My Tokens screen, tap the soft token you want to display; enter the token code accordingly. How can I view the serial number of the software token on my mobile device? A Tap the information icon on the lower right of the Soft Token screen. The serial number, along with additional information, will display. Note: Screens will vary on an AndroidTM device; instructions are the same. If I have multiple User IDs, can I use the same software token? Or will I need to request an additional software token? A If you have multiple User IDs, you can request one software token for each user ID – up to ten tokens per mobile device.
Recommended publications
  • Blockchain and Digital Signatures for Digital Self-Sovereignty
    BLOCKCHAIN AND DIGITAL SIGNATURES FOR DIGITAL SELF-SOVEREIGNTY ____________________ A Thesis Presented to the Faculty of the Department of Computer Science University of Houston ____________________ In Partial Fulfillment of the Requirements for the Degree Masters of Science ____________________ By Brijesh B. Patel December 2018 BLOCKCHAIN AND DIGITAL SIGNATURES FOR DIGITAL SELF-SOVEREIGNTY ___________________________________________________ Brijesh B. Patel APPROVED: ___________________________________________________ Dr. Weidong Shi, Chairman Dept. of Computer Science ___________________________________________________ Dr. Nikolaos V. Tsekos Dept. of Computer Science ___________________________________________________ Dr. Chris Bronk Dept. of Information System Security ___________________________________________________ Dan Wells, Dean College of Natural Sciences and Mathematics II BLOCKCHAIN AND DIGITAL SIGNATURES FOR DIGITAL SELF-SOVEREIGNTY ____________________ An Abstract of a Thesis Presented to the Faculty of the Department of Computer Science University of Houston ____________________ In Partial Fulfillment of the Requirements for the Degree Masters of Science ____________________ By Brijesh B. Patel December 2018 III Abstract Principles of self-sovereignty have been integrated into the solution to achieve a mechanism where the user is in control of one's digital identity attributes. Through the use of attribute-based credentials, the solution presented here allows the user to control access to their digital identity attributes,
    [Show full text]
  • Security Token Service Application Pool
    Security Token Service Application Pool Unshipped and snobby Paolo never totalize his hurtfulness! Sorediate Wright retted his pandemonium postures sizzlingly. Inimitable Charlie emit: he rivetting his unfortunates costively and bareheaded. When joined to an AD domain it supports Windows Integrated Authentication. Otherwise, BDLC is unable to find and access the given secure store application. READ rights on all the web applications, the SP_Search will now run the Windows Service. Stops sharing the specified service application outside the farm. From here you need to bind that farm to whichever host you choose. Add the following to the web. In the Internet Information Services management console, in the Connections pane, expand the tree view, and then click Application Pools. Rename your object or delete the existing object. When the user hits the site, a central server will be contacted. The Security Token Service is no. Completely deletes an existing site collection and all subsites. But i am now not able to login to the site using windows authentication. Error: The Security Token Service is not available. Platform for creating functions that respond to cloud events. Restores one or more items from a backup. Checks and repairs the specified site collection and its contents. How can we make this translation better? Adds an endpoint to the Apps denied endpoint list. Sets a new credential mapping for a Secure Store Service application. Deletes a Secure Store application. Unless, there is a need due to business rules or performance constraint, these services may share single application pool in IIS. Can you copy the exact error code and I will be able to better help you! At what point in the install do I use the service account script? What do i need to do to resolve this? Three Service Instances are by default set up to run under the Local System or Local Service accounts: Claims to Windows Token Service, Document Conversions Launcher Service, and Document Conversions Load Balancer Service.
    [Show full text]
  • Step 4 How to Install Security Token to PC/Laptop & Change Token
    Classification : PUBLIC Step 4 How to Install Security Token to PC/Laptop & Change Token PIN How to Install Security Token to PC/Laptop 1. Plug the Security Token to PC/Laptop and copy the Trust_Key Software from Security Token. 2. Extract the content & install software Double Click on Trust Key Application Install the Trust Key Authentication ClientDouble click Classification : PUBLIC Click Install (Then it will install the driver) Click Finish Click the Trust key icon desktop. The display will look like this before plugging in the token. Classification : PUBLIC Plug in token After plugging in the token, display will look like this. Classification : PUBLIC Click user certificate Click View Classification : PUBLIC Click view to appear the certificate details. Click *Start*. Type *Run* and select it. Classification : PUBLIC Type *certmgr.msc* and click *OK* Certificate of current user appears Classification : PUBLIC Click *Personal* Click *Certificates* Classification : PUBLIC The Certificate will be displayed as User Certificate Installing SafeNet Authentication Client on Mac To install with the installer: 1. Double click the SafeNetAuthenticationClient.10.2.x.x.dmg file 2. To start the installation, double click SafeNet Authentication Client 10.2.pkg Classification : PUBLIC 3. Click Continue The Welcome to the SafeNet Authentication Client Installer window opens 4. Click Continue The Software License Agreement window opens 5. Click Agree to accept the software license agreement Classification : PUBLIC 6. Click Install The Standard Install window opens 7. Enter Username and Password and click Install Software NOTE: Administrator permissions are required to install SafeNet Authentication Client 8. Click Close and then perform a Restart (recommended) Classification : PUBLIC How to Change Security Token PIN The security token contains your Private Key, therefore neither the security token nor the token PIN should be shared with anyone under any circumstances.
    [Show full text]
  • Multi-Factor Authentication Version: 1.0 Date: February 2017 Author: PCI Security Standards Council
    INFORMATION SUPPLEMENT Multi-Factor Authentication Version: 1.0 Date: February 2017 Author: PCI Security Standards Council INFORMATION SUPPLEMENT Guidance for Multi-Factor Authentication Table of Contents Overview ....................................................................................................................................................................1 MFA and PCI DSS .................................................................................................................................................1 Terminology ............................................................................................................................................................1 Authentication Factors ............................................................................................................................................2 Independence of Authentication Mechanisms ......................................................................................................2 Out-of-Band Authentication .....................................................................................................................................3 Cryptographic Tokens .............................................................................................................................................3 Protection of Authentication Factors .....................................................................................................................5 Multi-step vs. Multi-Factor .......................................................................................................................................5
    [Show full text]
  • Security Token Service for SAP Single Sign-On and SAP Identity Management Document Version: 1.1 – 2018-07-31
    IMPLEMENTATION GUIDE | PUBLIC Security Token Service for SAP Single Sign-On and SAP Identity Management Document Version: 1.1 – 2018-07-31 Security Token Service for SAP Single Sign-On and SAP Identity Management company. All rights reserved. All rights company. affiliate THE BEST RUN 2018 SAP SE or an SAP SE or an SAP SAP 2018 © Content 1 Security Token Service for SAP Single Sign-On and SAP Identity Management.............3 1.1 What is a Security Token Service..................................................3 STS in Business-to-Business Scenarios...........................................4 1.2 Before Starting...............................................................6 System Requirements.......................................................6 Authorizations............................................................ 6 Limitations of the Security Token Service..........................................7 Keys and Keystores.........................................................8 1.3 Adding a Security Token Service to Your Network.......................................9 Downloading and Installing the Federation Software..................................9 Configuring the Security Token Service.......................................... 10 Enabling the Security Token Service.............................................12 Selecting Authentication Types for Web Services....................................12 Configuring Issued Security Tokens.............................................14 Trusting Application Service Providers...........................................16
    [Show full text]
  • Security, Encryption, and Certificates FAQ
    Security, Encryption, and Certificates FAQ Overview In Security Center 5.4, several new capabilities will be added that further strengthen the security of the platform itself, as well as the privacy of data. The aim is to prevent unauthorized access to stored and transmitted messages and data, as well as prevent attacks through the use of stronger encryption and authentication mechanisms. With growing demand for privacy, new capabilities in Security Center 5.4 will strengthen Genetec’s position and overall value proposition. This FAQ addresses some of the most common questions in relation to the new capabilities of Security Center: Encryption, Authentication, and Digital Certificates. These concepts are first described in generic terms; the FAQ then outlines how these new measures are used within Security Center 5.4. Encryption vs. Authentication vs. Authorization What is the difference between encryption, authentication, and authorization? Encryption is used to encrypt data so that only authorized users can see it. Authentication determines whether an entity is who they claim to be, eg. in the case of an individual, it is usually based on a username/password combination. Authentication does not actually say anything about what someone is authorized to do or has the right to do. o Client-side authentication uses username/password combinations, tokens (dual authentication), and other techniques. o Server-side authentication uses certificates to identify trusted third parties. Authorization is the function of specifying the rights, eg. defining the access rights someone has over a set of recourses such as a private data, computing resources, or an application. When users log into a Security Center system, what they are allowed or authorized to do depends on the set of privileges assigned to them by administrators.
    [Show full text]
  • The First Line of Defense in Security Is the Management of User Ids and Passwords
    User Credential Management The first line of defense in security is the management of user IDs and passwords RouteOne eBook User Credential Management - page 1 User IDs When establishing new user IDs verify that the access (permissions) granted is only what is needed for a user to perform their job. This is referred to as ‘least privilege.’ Often users are granted more access than necessary to perform their responsibilities. A single dealer employee (preferably the Dealer Security Manager) should be given the responsibility to administrator user accounts (IDs and passwords); a second individual should be given responsibility of the backup administrator. Passwords Rules Users that have been terminated by the dealership must have Do not share your passwords. Always make new passwords their access to dealership systems terminated immediately. difficult to guess by mixing letters, numbers, characters and Regardless of whether the user is voluntarily or involuntarily punctuation. The greater the mix, the more difficult the password terminated, their access to dealership systems should be will be to guess. terminated no later than the close-of-business on their last Additional Password Rules: day of employment with the dealership. A user ID that is not deactivated or terminated could be used by the former o Avoid using dictionary words employee or, if known, current employees for malicious o Change your password often activity. o Don’t share them with anyone o The longer, the better o Make it a phrase o Don’t leave them lying around RouteOne eBook User Credential Management - page 2 Multi Factor Authentication RouteOne has implemented Multi-Factor Authentication to further enhance the security of the RouteOne system.
    [Show full text]
  • Rsa Securid® Access Authenticator Choices Data Sheet
    DATA SHEET RSA SECURID® ACCESS AUTHENTICATOR CHOICES DATA SHEET When organizations have confidence their information is secure, they are empowered to use it to accelerate their business. Identity assurance creates confidence and extends user authentication from a single security measure to a continual trust model that is the basis of how an identity is used and what it can do. The RSA SecurID® authenticators are a key component of an organization’s identity assurance strategy. Trusted identities managed by RSA bring confidence to everyday transactions and support new business models providing secure access for employees, customers and partners while striking the right balance between risk, cost and convenience. One size does not fit all when it comes to choosing the right authenticator to balance your security, total cost of ownership and end-user security needs. With a broad range of easy-to-use form factors, there are RSA SecurID authenticators available to suit a wide variety of organization and application requirements. MOBILE MULTI-FACTOR AUTHENTICATION MADE EASY: Easily set up your users to use advanced mobile MFA options and allow them to use a single authenticator to access both on-premises and cloud applications on all the major mobile platforms. • RSA SecurID Authenticate App – ONE authenticator for all your authentication needs, on-premises or cloud applications for multiple clients (iOS, Android, MS Windows). • Push notification, biometrics (Fingerprint and Eyeprint), One-Time Password (OTP) are available for on-premises resources such as VPN and cloud applications such as Office 365. o Mobile multi-factor authenticators can be purchased by RSA SecurID® Access Enterprise and Premium Edition customers.
    [Show full text]
  • Cointelegraph Security Token Report
    The Security Token Report 2021 Research Partners We thank our research partners for their support of this report. Authors Demelza Hays, Ph.D. Demelza Hays is the director of research at Cointelegraph, and formerly was a Forbes 30 Under 30, U.S. Department of State Fulbright Scholar, and fund manager of two regulated crypto funds. Katharina Gehra Katharina Gehra is the CEO & Co-Founder of Immutable Insight GmbH and the fund manager of the first German crypto hedge fund, a 3-times Capital Top 40 under 40 and a supervisory board member at Fürstlich Castell’sche Bank. She is the co-host of the blockchain pod- cast Block52. Silvan Thoma and Martin Liebi Silvan Thoma ([email protected]) / Martin Liebi ([email protected]) both PwC Legal, Switzerland advise and have advised multiple digital assets operators in the legal aspects of the issuance of digital assets and the set-up and licensing process of the operation of mul- tilateral trading facilities. Urszula McCormack Partner, Cross-Border Finance and Technology, King & Wood Mallesons. Urszula McCormack is one of Asia’s leading regulatory and digital economy lawyers, with a focus on emerging technologies. Urszula advises global banks, payment institutions, large technology com- panies, virtual asset issuers and innovators on new products, compliance and financial services licensing. She also advises on privacy regulation, digital transformation and algorith- mic design. Urszula is a member of multiple advisory bodies and is regularly invited to brief governments, regulators and transnational policymakers. Urszula is admitted to practice law in Hong Kong, Australia and England & Wales. © Crypto Research Report, © Cointelegraph Research, Security Token Report, 2021 3 Rika Khurdayan and Lee Schneider Rika Khurdayan is a lawyer and strategist, with a particular focus on blockchain and DLT.
    [Show full text]
  • Is Payment Tokenization Ready for Primetime?
    Is Payment Tokenization Ready for Primetime? Perspectives from Industry Stakeholders on the Tokenization Landscape Marianne Crowe and Susan Pandy, Federal Reserve Bank of Boston David Lott, Federal Reserve Bank of Atlanta Steve Mott, BetterBuyDesign June 11, 2015 Marianne Crowe is Vice President and Susan Pandy is Director in the Payments Strategies Group at the Federal Reserve Bank of Boston. David Lott is a Payments Risk Expert in the Retail Payments Risk Forum at the Federal Reserve Bank of Atlanta. Steve Mott is the Principal of BetterBuyDesign. The views expressed in this paper are solely those of the authors and do not reflect official positions of the Federal Reserve Banks of Atlanta or Boston or the Federal Reserve System. Mention or display of a trademark, proprietary product or firm in this report does not constitute an endorsement or criticism by the Federal Reserve Bank of Boston or the Federal Reserve System and does not imply approval to the exclusion of other suitable products or firms. The authors would like to thank members of the MPIW and other industry stakeholders for their engagement and contributions to this report. Table of Contents I. Executive Summary ................................................................................................................. 3 II. Introduction .............................................................................................................................. 4 III. Overview of Tokenization ......................................................................................................
    [Show full text]
  • Multi-Factor Authentication Implementation Introduction IRS
    Multi-factor Authentication Implementation Introduction IRS Publication 1075, Tax Information Security Guidelines for Federal, State, and Local Agencies (Pub 1075) requires that all access to federal tax information (FTI) occurs from agency-owned equipment. It also requires that any remote access has multi-factor authentication implemented. Remote access, defined by Pub 1075, is any access to an agency information system by a user communicating through an external network (i.e. the internet). These requirements are more important as agencies. looking to reduce costs, allow employees to work from home or telework. Multi-factor authentication drastically reduces the risk of identity theft and unauthorized disclosure of FTI. Multi-factor authentication decreases the probability that the requestor is not the person who he says he or she is. The number of factors is important, as it implies a higher probability that presenter of the identify evidence is who they claim to be. This document explains the different authentication factors and addresses the security requirements for implementing multi-factor authentication to meet the requirements of the Office of Safeguards. Mandatory Requirements This message discusses detailed requirements that must be applied when procuring or developing various multi-factor authentication implementations. An agency may choose to implement a system appropriate to its needs, but all requirements contained in this memorandum that pertain to that implementation must be fulfilled. Multi-factor authentication is required for “all remote network access to privileged and non-privileged accounts for information systems that receive, process, store or transmit FTI” (Pub 1075, Section 9.3.7.2, Identification and Authentication (Organizational Users) (IA-2)).
    [Show full text]
  • Security and Trust in Open Source Security Tokens
    IACR Transactions ISSN XXXX-XXXX, Vol. 0, No. 0, pp. 1–26. DOI:XXXXXXXX Security and Trust in Open Source Security Tokens Marc Schink, Alexander Wagner, Florian Unterstein and Johann Heyszl Fraunhofer Institute for Applied and Integrated Security (AISEC), Germany, [email protected] Abstract. Using passwords for authentication has been proven vulnerable in countless security incidents. Hardware security tokens effectively prevent most password-related security issues and improve security indisputably. However, we would like to highlight that there are new threats from attackers with physical access which need to be discussed. Supply chain adversaries may manipulate devices on a large scale and install backdoors before they even reach end users. In evil maid scenarios, specific devices may even be attacked while already in use. Hence, we thoroughly investigate the security and trustworthiness of seven commercially available open source security tokens, including devices from the two market leaders: SoloKeys and Nitrokey. Unfortunately, we identify and practically verify significant vulnerabilities in all seven examined tokens. Some of them are based on severe, previously undiscovered, vulnerabilities of two major microcontrollers which are used at a large scale in various products. Our findings clearly emphasize the significant threat from supply chain and evil maid scenarios since the attacks are practical and only require moderate attacker efforts. Fortunately, we are able to describe software-based countermeasures as effective improvements to retrofit the examined devices. To improve the security and trustworthiness of future security tokens, we also derive important general design recommendations. Keywords: security token · second factor authentication · FIDO · fault injection attack · side-channel attack · firmware protection 1 Introduction Passwords are the most common authentication mechanism for private as well as profes- sional IT services such as social media, banking or enterprise infrastructure.
    [Show full text]