Tokens, electronic keys for accessing important information, are becoming increasingly popular in Russia. The token is now not only a means for authentication in the operating system of a computer, but also a convenient device for storing and presenting personal information: encryption keys, certificates, licenses, certificates. Tokens are more reliable than a standard “login/password” pair due to the two-factor identification mechanism: that is, the user must not only have an information carrier (the token itself) available, but also know the PIN code.
There are three main form factors in which tokens are issued: a USB token, a smart card, and a key fob. PIN security is most commonly found in USB tokens, although recent USB tokens come with RFID tag capability and an LCD display to generate one-time passwords.
Let us dwell in more detail on the principles of functioning of tokens with a PIN code. A PIN code is a specially set password that breaks the authentication procedure into two stages: attaching a token to a computer and entering the actual PIN code.
The most popular token models in the modern Russian electronic market are Rutoken, eToken from the Aladdin company, and an electronic key from the Aktiv company. Let's consider the most frequently asked questions regarding token PIN codes using the example of tokens from these manufacturers.
1. What is the default PIN?
The table below provides information about the default PIN codes for Rutoken and eToken tokens. The default password is different for different owner levels.
| Owner | User | Administrator |
| Rutoken | 12345678 | 87654321 |
| eToken |
1234567890 | By default, no administrator password is set. Can be set via control panel for eToken PRO, eToken NG-FLASH, eToken NG-OTP models only. |
| JaCarta PKI | 11111111 | 00000000 |
| JaCarta GOST | Not set | 1234567890 |
| JaCarta PKI/GOST |
For PKI functionality: 11111111
When using JaCarta PKI with "Backward compatible" option - PIN - 1234567890 For GOST functionality: PIN code not set |
For PKI functionality: 00000000
When using JaCarta PKI with "Backward compatible" option - PIN code is not set For GOST functionality: 1234567890 |
| JaCarta PKI/GOST/SE |
For PKI functionality: 11111111
For GOST functionality: 0987654321 |
For PKI functionality: 00000000
For GOST functionality: 1234567890 |
| JaCarta PKI/BIO | 11111111 | 00000000 |
| JaCarta PKI/Flash | 11111111 | 00000000 |
| ESMART Token | 12345678 | 12345678 |
| IDPrime card | 0000 | 48 zeros |
| JaCarta PRO/JaCarta LT | 1234567890 | 1234567890 |
2. Should I change the default PIN? If so, at what point in working with the token?
3. What should I do if the PINs on the token are unknown and the default PIN has already been reset?
The only way out is to completely clear (format) the token.
4. What should I do if the user PIN is blocked?
You can unlock the user PIN through the control panel of the token. To perform this operation, you need to know the administrator PIN.
5. What should I do if the Admin PIN is blocked?
You cannot unlock the Admin PIN. The only way out is to completely clear (format) the token.
6. What security measures have manufacturers taken to reduce the risk of password guessing?
The main points of the security policy for PIN-codes of USB-tokens of Aladdin and Active companies are presented in the table below. After analyzing the table data, we can conclude that the eToken will presumably have a more secure PIN code. Rutoken, although it allows you to set a password of just one character, which is unsafe, in other respects it is not inferior to the product of the Aladdin company.
| Parameter | eToken | Rutoken |
| Minimum PIN length | 4 | 1 |
|
Composition of the PIN |
Letters, numbers, special characters | Numbers, letters of the Latin alphabet |
| Greater than or equal to 7 | Up to 16 | |
|
PIN security administration |
There is | There is |
| There is | There is |
The importance of keeping the PIN code secret is known to all those who use tokens for personal purposes, store their electronic signature on it, trust the electronic key with information not only of a personal nature, but also with the details of their business projects. Aladdin and Aktiv tokens have pre-installed protective properties and, together with a certain degree of precaution that will be taken by the user, reduce the risk of password guessing to a minimum.
Rutoken and eToken software products are presented in various configurations and form factors. The proposed assortment will allow you to choose exactly the model of the token that best meets your requirements, whether
If the user entered the wrong password several times, the eToken may be blocked.
To unlock eToken, you must follow the steps described below, and even give the user a link to a book on memory training, so in a friendly way.
I forgot my etoken password, what should I do?
We are all people, we all have our own problems and worries, things that we do not often use often fly out of our memory, such a thing can be for an etoken user, such a red or blue flash drive. Don't worry, we'll fix it.
Launch the eToken PKI Client program (install the program if necessary)
Select an eToken reader, then click "Show detailed view"
Click on the button "Login as Admin"
Enter the Administrator password, then click " OK" . By default, the eToken must have an administrator password set. 0987654321
If the administrator password was entered correctly, a message should appear "Logged in as Administrator"
Then click on the button "Set user password"
Set a new password and click " OK" (we strongly recommend that you use the default password) 1234567890 ) so you don't forget.
Hello everyone, today I will remind you what is the password for eToken and Rutoken. They seem to be simple, but sometimes I forget them. We will also consider how Rutoken differs from eToken, since not everyone knows this, but this knowledge is very very useful. I will also tell you how, if necessary, you can change this password.
The first thing you need to explain is what eToken and Rutoken are > these are special flash media whose task is to securely store a signing or encryption certificate (private key), which is equivalent to a person’s paper signature and the whole thing is password protected. Producers issue tokens with a standard password already set:
Difference between etoken and rutoken
And so, we found out what this whole thing is used for, now let's talk about the difference between etoken and rutoken. Firstly, the rutoken has a red color, while the etoken has a red color. Secondly, they have different amounts of memory:
- In rutoken, the amount of memory varies from 32 kb to 126 kb
- Etoken has a maximum volume of 72Kb, where the user can only use 47Kb
I want to note right away that in CryptoPRO both carriers work the same way
Summary table of differences between etoken and rutoken
Etoken default password
I want to note that if you received the token in some certification center, then the password has been changed with one hundred percent probability and you need to check it with the technical support that generated it. Please note that if you enter the wrong combination a certain number of times, the token may be blocked.
These codes are also called pin codes, so do not be surprised if you hear the phrase pin rutoken by default, techies have their own language.
- for eToken - 1234567890
- for Rutoken and Rutoken EDS:
- user: 12345678
- administrator: 87654321
Now you all know what the default etoken password is, to be honest, I constantly confuse them. Although they are made simple, but apparently for me this information is not very important, and the memory reacts in its own way. Programs for changing and setting a new password Etoken PKI Client or SafeNet Authentication Client.
Procedure:
1. Delete completed passwords. To do this, you need to launch CryptoPro in the control panel, go to the tab Service and press the button Delete remembered passwords.
2. Set the checkbox opposite the field Delete all remembered private key passwords:User
Launch the eToken Properties program. Switch to the detailed display view. To do this, click on the button and check the number of "user password attempts - left". Should be "15", if "0", then the eToken is blocked.
You must be logged in with administrator rights. To do this, click Login with rightsami adminstrator, as shown in the screenshot. Enter the password from the recall card (if the password does not match, in this case, the password for the previously recorded key was saved on the media).
Attention! In no case do not allow blocking under the administrator. In this case, the device will be completely blocked without the possibility of key recovery! If you do not know the password, please contact technical support for advice.
3. Then set the user password. To do this, click Set user password. Enter the same password.
After setting the user password, the number of attempts will be 15 - the eToken is unlocked.
