This article provides instructions for Thales SafeNet token users who want to change their token password and for those who need to regain access to their token after being locked out because of multiple incorrect placement of the token password during code signing.
For this guide, you will need a currently activated Thales SafeNet Token, your existing Token Password/PIN and your PUK.
If you need to recall your token password and PUK, follow the steps below or contact SSL.com support team:
- Sign in to your SSL.com account.
- Click the Orders tab, followed by the download link of your certificate order to display its details. On the physical tokens section, activate your Thales token by placing its serial number on the allotted field. Upon activation of your Thales token, the physical tokens section will display your Activation PIN and Admin PIN. The Admin PIN is your Token Password and the Activation PIN is the PUK.
How to Change your Current Thales SafeNet Token Password
- Open SafeNet Authentication Client.
- Click Change Token Password
- On the Change Password Token window, do the following tasks:
- In the Current Token Password field, enter your current token password/PIN that you use for signing.
- In the New Token Password and Confirm Password fields, place and confirm your new token password/PIN. Take Note of the password requirements: A secure password has at least 8 characters, and contains upper-case letters, lower case letters, numerals, and special characters (such as !, $, #, %).
- Click OK to finalize the process.
- Success! A message will appear confirming the change in your token password. You can now proceed to sign your file using your new password/PIN. After changing your Token Password, it is advisable for you to store it in a password manager.
How to Set New Token Password Due to Locked Token
When attempting to sign your file on SignTool and you placed the wrong token password/PIN, this message will appear: Incorrect password.
When you have exceeded the maximum number of logon attempts allowed, the following message will appear: The token is locked as a result of too many failed logon attempts. Contact your administrator.
To be able to reuse your Thales token for signing, You will need to set a new token password/PIN with the use of your PUK. Please follow the instructions below.
- Open SafeNet Authentication Client.
- Click the gear icon for an Advanced view.
- Next, click the icon with your device’s name next to it and then, the button Set Token Password.
- In the following window, enter your PUK.
- Finally, enter the new PIN in the next two fields Token Password and Confirm Password and click the OK button.
- Success! You now have a new token password that you can use for signing.
For detailed instructions on how to sign your code using your Thales SafeNet token, please refer to this SSL.com guide: Code Signing with a Thales SafeNet (Gemalto) USB token.