I'm using a Junos Pulse Secure Access Service (Juniper Networks), which requires to enter a RSA PIN in addition to the password. I don't know if this is always the case or if it's a custom configuration. After entering both I get an email with a generated tokencode, which I have to enter.
The PIN isn't generated, it stays the same until I change it manually. There are no restrictions on when I have to change the PIN (besides on first login), therefore it's just something I have to remember like the password.
I don't think it makes the system more secure, so what is the RSA PIN used for? Could this be a misconfiguration which could lead to a security risk?