MobilePASS+ frequently asked questions
SafeNet MobilePASS+ users generate passcodes on their devices and use those passcodes to authenticate to protected corporate and web-based applications.
SafeNet MobilePASS+ allows secure remote access to corporate and web-based applications. An integrated support feature allows a company’s system administrator to manage it directly from a token management application.
What is a SafSafeNeteNet MobilePASS+ token?
SafeNet MobilePASS+ is an authenticator app that generates an OTP (One-Time Password), also referred to as a passcode, to use for secure remote access to corporate and web-based applications. It works independently of network connectivity.
How does SafeNet MobilePASS+ protect your users?
Password theft is the method used most frequently by thieves and hackers to steal identities and gain unauthorized access to computer networks. While they have many ways to steal a password, success depends on the stolen password being valid, in much the same way that credit card theft relies on the card being usable until it's reported missing.
SafeNet MobilePASS+ prevents the stolen password from being used to log in to the protected network, even if your users and security professionals are unaware that it has been stolen, because immediately after logging on, the generated passcode stops being valid. Any attempt to log in by reusing the passcode fails, and alerts your network security professionals to the possibility that a user's identity has been stolen.
How do users generate a passcode on their device or computer?
After installing SafeNet MobilePASS+ on their device or computer, users generate a passcode with the application. They might be required to enter a PIN before generating the passcode.
How do users get started with SafeNet MobilePASS+?
After users install the application on their device or computer, they activate a token using any of the following methods:
Automatic Enrollment - They receive a self-enrollment email from your company, which contains a link to the self-enrollment web site and instructions for installing, enrolling, and activating their token.
QR Code Enrollment - On Android or iOS devices, the self-enrollment email includes a link to a web page containing a QR code. Users the QR code to enroll their SafeNet MobilePASS+ token. This is recommended when they cannot receive email or open self-enrollment from the target device.
Copy-Paste Enrollment - Users copy an activation code that is included in the self-enrollment email and paste it in their SafeNet MobilePASS+ app.
As a security best practice, Thales Group recommends that users do not use the copy and paste function for the OTP or enrollment strings because the clipboard is shared among all applications running on a device.
If a user has not received an enrollment email, what should they do?
If they have not received their self-enrollment email, they should contact their system administrator to arrange for a new self-enrollment email to be sent.
For how long will their token continue to operate?
A token is able to generate passcodes until it is revoked by the security administrator.
What is self-enrollment?
Self-enrollment is the process of activating a token. A user must complete this process before using their SafeNet MobilePASS+ token to log in.
What are the benefits of using the token?
SafeNet MobilePASS+ enables users to access corporate and web-based resources securely. In addition, it reduces or eliminates the need to remember or periodically change login passwords, because their token will do this for them.
How do users protect their security PIN?
If their SafeNet MobilePASS+ token is configured to use a PIN, users must protect it as they would the PIN for their credit card. They must never share it with anybody. The network security administrator and help desk will never ask for their PIN and they should never reveal it. They must never write down their PIN.
What should users do if they cannot log in using their token?
The most common cause of a failed login is entering an incorrect passcode. Users should ensure that they enter the code exactly as displayed on the token, including any punctuation, and upper and lower case letters. They should never attempt to reuse a passcode. Their account automatically locks for a period if they exceed the allowed number of consecutive failed login attempts. They must wait for the required period of time before their account becomes active again. They can contact your company’s help desk to resolve login problems.
What is push OTP?
The SafeNet MobilePASS+ push OTP feature enables users to authenticate with a single tap, eliminating the need to manually generate a passcode on their mobile device, or to enter the passcode manually in the login page of their protected resource (website or network).
How do users use push OTP?
To use push OTP, users enter their username in the login page of their protected device and select Autosend. They receive a login request on their SafeNet MobilePASS+ app. After they select Approve, a passcode is automatically sent to their protected resource and they are logged in.
How do users enable push notifications behind a proxy?
The application must have access to a channel URI (Uniform Resource Identifier) to enable push notifications.
To receive the push notifications, we strongly recommend whitelisting the following URLs in the user's proxy: *.notify.windows.com, *.wns.windows.com
If, alternatively, your organization requires a fixed range of IP address, users can download the file and perform the necessary changes on the site.
For more details see Windows Notification Service (WNS) VIP and IP Ranges: