BoilerKey Two-Factor Authentication
BoilerKey, Purdue’s version of two-factor authentication, improves the security of protected computer systems and personal data. Here’s how it works.
What is two-factor authentication?
Two-factor authentication (also known as multi-factor authentication or two-step verification) is an extra layer of protection – more protection than a traditional password.
Two-factor authentication should be used on accounts that contain sensitive information, such as bank accounts, social security numbers, health information and more.
What is BoilerKey?
At Purdue, these two forms of verification are something you know – career account and PIN – and something you have – the Duo Mobile application on your smartphone or a hardware token. These two items are used in place of your password wherever you see the BoilerKey logo and on the virtual private network (webVPN).
An example of how Boilerkey works with the Duo Mobile application.
How does BoilerKey work?
There are two options for BoilerKey: the Duo Mobile app and the hardware token (a key fob).
Duo Mobile App
When using the Duo Mobile app, users have two options to verify their identity.
1. Instead of using your career account password, you will enter a 4-digit, unique PIN that you choose when signing up for BoilerKey, then a comma and the word “push”.
Once you submit, a notification will pop up on your phone’s screen to either “accept” or “deny.” If the notification does not automatically display on the screen, open the Duo Mobile app to approve it.
It is important to act quickly as the notification will eventually time out. (You may want to have the Duo Mobile app open and ready when you sign in.)
2. Instead of using your career account password, you will enter a 4-digit, unique PIN that you choose when signing up for BoilerKey, then a comma and the 6-digit code generated from the Duo Mobile app by tapping “Purdue University” in the app.
This option is useful when you have spotty Wi-Fi or cellphone service, or if you are travelling to a foreign country and have no service at all. The code must be used straightaway otherwise it will expire.
Instead of using your password, you will enter a 4-digit, unique PIN that you choose when signing up for BoilerKey, then a comma and the 6-digit code generated when you press the button on the hardware token.
Log in quickly because the 6-digit code will expire.
Hardware Token Care Instructions
The BoilerKey hardware token is the property of Purdue University and is issued to employees and students at no charge. Tokens must be promptly surrendered to the University at termination or separation of employment or academic career.
The token must be kept private and secure; do not permit others to use your token.
You must not attempt to alter, circumvent or otherwise tamper with the BoilerKey hardware token. Do not corrupt, deface or damage the token. The token has no replaceable parts, including its battery.
To Request Access
Departmental BoilerKey Administrator
To apply to become a departmental administrator, please complete the BoilerKey Administrator Request Form.
Additional BoilerKey Help
For additional assistance with the BoilerKey service, please see the below resources.
YouTube Instructional Video
ITaP Customer Service Center
Purdue Northwest Information Services
PFW Information Technology Services