SecurID and SEPM

Symantec Endpoint Protection Manager Console (SEP11) allows authentication through local accounts, Active Directory and SecurID. SecurID is a two factor authentication system which combines a user known PIN and a token generated 6 digit code for authentication. The token is generated every 60 seconds.

Because the SecurID passcode is always changing imagine my surprise when I attempted to log into SEPM and I received an error that my password has expired. After checking the KB and the Symantec forums and not finding an answer, I opened a case with support. Support tells me that this is a known issue that should be fixed in a future maintenance release.

For now I'm either going to have to configure AD authentication for people requiring access to the SEPM console (such as admins and helpdesk). If I continue with SecurID accounts I'll have to recreate their accounts every 90 days.

I think its a really good idea to use AD or SecurID for authentication so that each administrator doesn't end up with 50 accounts with bad passwords that are never changed. It would be preferable however if the authentiction actually worked correctly.