Is the "unlock code" the same as the "token password"?

Upon delivery, your token has a random token password, so there is no use in trying to guess it. (There is no harm either.) Your token is effectively blocked and you must unlock it first.

The reason for this course of action is to let you pick your own token password, and to have you setup an informal label for your token at the same time. In other words, you are given a chance to personalise your token when you first set it up.

The unlock code is intended to allow you to do this. You will be able to do this only once, because the unlock code is a one-time code. This means that you need not destroy the code; it is simply invalid after you used it. If it worked for you, you can conclude that nobody else performed the unlocking procedure on your token.

After you personalised your token, you normally don't see any more unlock codes. You simply use your token password. Only if you lock yourself out, by entering a wrong token password five times in a row, you will have to request a new unlock code from OpenFortress. These are codes that require input from your token (so OpenFortress cannot generate them at will, your cooperation is needed) and these new unlock codes are sent to the address that you registered when you purchased your token (so we can effectively separate the rightful owner from somebody trying to abuse your token).

You should note that the lockout after five wrong login attempts means that you are even reasonably safe if you choose a short password. We advise you to pick a combination of digits and/or letters that is random, but picking a long one is far less urgent than with normal computer passwords.

To summarise:

• Unlock codes help you setup a new token password;
• Token passwords are intended for everyday use;
• Your token password can be shorter than normal computer passwords.

This setup is intended to simplify your life when using the LockTop. We hope you enjoy it.