Boiler Key FAQ

What is a BoilerKey?
A BoilerKey is a small electronic device that displays six digits that are used as part of a login password (or passcode). It provides a different, unpredictable series of six numbers every minute. The system can calculate the number currently being displayed on the BoilerKey and will allow you access to the application if the correct personal identification number (PIN) is entered along with the currently displayed numbers.

Each BoilerKey has a unique serial number. It is designed to display its series of numbers for up to six years. The BoilerKey’s sealed case should not be opened or tampered with as doing so may cause it to cease functioning.

What if I can’t login using the BoilerKey?
Try again using your four-digit PIN and the six digits displayed on your BoilerKey. If you are again unsuccessful, wait until the numbers on the BoilerKey change and attempt to login again. [If you are unsuccessful after four attempts within 15 minutes, the system will lock you out and require you to wait ten minutes until your next attempt.]

If you are still unsuccessful after the second try, follow the BoilerKey links on the SecurePurdue Website (www.purdue.edu/securepurdue) to the BoilerKey Self Serve site. Wait for the BoilerKey code (the numbers on the BoilerKey) to change before attempting to check your BoilerKey or to reset your PIN.

Check your passcode by filling in the PIN and BoilerKey code and clicking the “Check Passcode” button. If that is successful, proceed to the application and attempt to login again.

If the passcode is not valid, please set a new PIN using the “Set a new PIN” line and check the passcode again after completing the PIN change. Please remember to wait for the BoilerKey code to change before checking the passcode or attempting to login again.

If you still have difficulty logging in please contact your Distributed IT Support Group or the ITaP Customer Support Center at: 44000 (on campus) or 765-494-4000 (off campus).

Why do I have to wait for the BoilerKey code to change before using the BoilerKey again?
The system will only allow a BoilerKey code to be used one time. This built-in safeguard requires you to wait for a new BoilerKey code before using the BoilerKey again.

Why are we using the new BoilerKey?
The primary reason for using the BoilerKey is that it is more secure. It uses two-factor authentication to increase the level of security. Two-factor authentication uses something you know (a personal identification number) and something you have (the BoilerKey) to increase the security of the system.

Additionally, the login process with the BoilerKey may be easier than having to remember the complex, frequently changing password currently required for some systems. As the number of systems that use the BoilerKey for access increases, the value you get from using the BoilerKey also increases.

What is Two-Factor Authentication?
Two-factor authentication is the use of two separate requirements that must be used together to gain access to an application or portal. In our solution, something you know (a personal identification number or PIN) and something you have (the BoilerKey) combine to grant you access.

For example, if you use your bank card to obtain cash from the ATM, the card is something you have and your ATM PIN number is something you know. Combined, these two factors reduce the likelihood that an unauthorized person could obtain access to your account.

Can I log in to the OnePurdue portal with my regular password?
No. Once you have been set up to use the BoilerKey, only the passcode will work. If your key is temporarily unavailable and you need access, please contact your Distributed IT Support Group or the ITaP Customer Support Center at: 44000 (on campus) or 765-494-4000 (off campus).

How does the 30/120 day password policy affect me now that I have a BoilerKey?
You are still required to follow the 30/120 password change policy as before on all systems except for the OnePurdue portal. Since you are using your BoilerKey to log in to the OnePurdue portal, in effect, you are providing a different password each time you log in.

If your only 30 day password change requirement is for the SAP Portal, your mandatory password change may revert to 120 days for password protected accounts.

What should I do if I lose my BoilerKey?
If the BoilerKey is lost or if you suspect that it has been stolen or used by a third party, you should immediately report the BoilerKey as lost. Please contact your Distributed IT Support Group or the ITaP Customer Support Center at: 44000 (on campus) or 765-494-4000 (off campus).

How do you use a BoilerKey?
The BoilerKey is designed to provide a six-digit code in the display panel of the device that may be used, as part of a passcode, to login to a computer application or portal. The BoilerKey generates and displays a seemingly random series of six numbers called the BoilerKey code. When combined with a personal identification number (PIN) you provide, it is called the passcode and is used instead of the password for SAP Portal login.

What is a PIN?
A PIN is the personal identification number (PIN) that is combined with the BoilerKey code to provide the passcode for the application or portal. The PIN is four digits (numbers only) and is created by you when you first set up your BoilerKey online.

What is a Passcode?
A passcode is the ten digit number used in place of a password for systems using the BoilerKey. The passcode is created by combining the four digits of your PIN with the six digits currently being displayed on your BoilerKey.

Are there any requirements for my PIN?
Your PIN should be four digits long. You should avoid easily-guessed PINs like “1234”, “1111” or ones that have some kind of public information about you in them (e.g., digits from your phone number). Never write down your PIN! Memorize it.

What if I forget my PIN?
You set a new PIN by logging in to the BoilerKey Self Serve page. Follow the BoilerKey links at: www.purdue.edu/securepurdue/. Log in to the Self Serve page using your career account information. Set a new PIN for your BoilerKey by entering a new PIN in the box, entering the current BoilerKey code, and then entering the next BoilerKey code after the code changes.

What is a BoilerKey code?
The BoilerKey code is a string of six numbers that is displayed on your BoilerKey. These seemingly random numbers are generated by the device and displayed on the BoilerKey’s LCD screen.

What is a passcode?
The passcode is the ten numbers that you use in place of a password for access. It consists of your PIN and your BoilerKey code (the numbers displayed on your BoilerKey).
Remember: PIN + BoilerKey code = passcode

What happens if I mis-type the passcode?
The system will reject your login attempt and will allow you to attempt to login again. If you attempt to login unsuccessfully four times within fifteen minutes, the system will disable your account and require you to wait ten minutes before attempting another login.

How many times can I mistype the passcode?
The passcode may be incorrectly entered up to four times in a fifteen minute period. If you attempt to login unsuccessfully three times within fifteen minutes, the system will disable your account and require you to wait ten minutes before attempting another login.

Why would the system reject my login attempt?
There are several reasons why the system may reject your login attempt. First, verify that you have entered your PIN and the BoilerKey code displayed on the BoilerKey correctly. Re-enter the PIN followed by the current BoilerKey code. If you have verified that you have entered the correct passcode and are still unable to authenticate, then go to the BoilerKey Self Serve page. Follow the BoilerKey links at: www.purdue.edu/securepurdue/. Log in to the Self Serve page using your career account information and check your passcode. You may also reset your PIN in case you have forgotten it.

What happens if the number changes while I am entering it into the application?
If you were able to put in the entire sequence before it changed, go ahead and submit it. The system is able to use BoilerKey codes that are within a limited time period.
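
The server-side behaviour described in the answers above (a code is accepted only once, codes within a limited time period are accepted, and four failures within fifteen minutes cause a ten-minute lockout), sketched in Python. This is an added example, not Purdue's or the token vendor's code: the page does not say how the BoilerKey computes its numbers, so token_code is a stand-in using RFC 4226 truncation, and the Verifier class, the seed and the one-step window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60                # page: a new code every minute
WINDOW = 1               # assumption: accept one step either side of server time
MAX_FAILS = 4            # page: four failed attempts ...
FAIL_PERIOD = 15 * 60    # ... within fifteen minutes
LOCK_TIME = 10 * 60      # page: ten-minute wait after lockout

def token_code(seed: bytes, step: int) -> str:
    """Stand-in generator (RFC 4226 truncation); not the BoilerKey's own algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 10**6:06d}"

class Verifier:
    def __init__(self, seed: bytes, pin: str):
        self.seed, self.pin = seed, pin   # demo only: PIN kept in clear text for brevity
        self.last_step = -1               # newest time step already accepted
        self.fails = []                   # timestamps of recent failed attempts
        self.locked_until = 0.0

    def check(self, passcode: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"
        pin, code = passcode[:4], passcode[4:]          # PIN + BoilerKey code = passcode
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        current = int(now) // STEP
        for step in range(current - WINDOW, current + WINDOW + 1):
            expected = token_code(self.seed, step)
            if pin_ok and hmac.compare_digest(code.encode(), expected.encode()):
                if step <= self.last_step:
                    return "replayed"                   # each code is accepted only once
                self.last_step = step
                self.fails.clear()
                return "ok"
        # Failed attempt: keep only failures from the last fifteen minutes, then add this one.
        self.fails = [t for t in self.fails if now - t < FAIL_PERIOD] + [now]
        if len(self.fails) >= MAX_FAILS:
            self.locked_until = now + LOCK_TIME
            self.fails.clear()
            return "locked"
        return "rejected"
```

Because any step at or before the last accepted one is refused, a code that was already used, or an older unused one, cannot be submitted again; the user has to wait for the next code, as the FAQ says.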

Can a thief use a stolen BoilerKey?
No. There are two reasons why it would be unusable to a would-be hacker. First, they do not have access to your PIN and probably wouldn’t know your login name. Both of those would also be required to login. Second, by just notifying us that it has been lost or stolen, we can quickly disable the BoilerKey, preventing it from being used to gain access to any resources.

Can a user's PIN be used without a BoilerKey?
No. A PIN alone is useless. If a would-be hacker were able to find out your PIN, they would still have to combine it with the current BoilerKey code to gain access. Of course, you should change your PIN as soon as possible. PINs may be changed by going to the Self Serve page. Follow the BoilerKey links to the Self Serve page at: www.purdue.edu/securepurdue/.

What happens if a thief tries to use a BoilerKey by guessing the user's PIN?
If the system detects repeated login attempts with an invalid PIN but valid BoilerKey codes, the system assumes that an unauthorized user has obtained the BoilerKey and is trying to guess the user's PIN. The system locks the user account in this event.

Can a BoilerKey be opened or tampered with?
It could of course be opened if the would-be hacker has the time and tools to do it. Opening the BoilerKey would most likely disable it, however. It would require an extensive effort to gain any information of value and by then you would have notified us that you no longer have the BoilerKey.

Can a defective BoilerKey be replaced?
A BoilerKey that is not functioning properly can be replaced. Contact your Distributed IT Support Group or the ITaP Customer Support Center at: 44000 (on campus) or 765-494-4000 (off campus).

What are the little bars to the left of the numbers on the BoilerKey LCD screen?
The bars are a countdown that shows when the displayed numbers will change again. When the numbers change, six small, stacked bars appear at the left edge of the screen. Every ten seconds, the topmost bar disappears; when there are no bars left, it will be ten seconds until the numbers change.