Purdue BoilerKey: FAQ



General Purdue BoilerKey Questions

  1. What is a BoilerKey?

    The Purdue BoilerKey is a convenient means of significantly improving the security of protected computer systems. The BoilerKey is an implementation of two-factor authentication, a system that requires two forms of verification of identity before a person can access protected computer resources. In addition, codes that are consistently changing and may be used one time only, provide additional layers of security that are capable of resisting many types of malicious attempts to gain access.

    At Purdue, these two forms of verification are something you know (career account and either a password or PIN) and something you have (a BoilerKey token or a application on your mobile phone). These two items are used in place of your password alone to gain access to computer applications and systems.

    The BoilerKey comes in two forms, one of which is a small electronic device (known as a hard token) that displays a series of six digits when activated and the other is an application for your smartphone (known as a soft token) that displays the six digit code.

  2. Why are we using the BoilerKey?

    The primary reason for using the BoilerKey is that it is more secure. It uses two-factor authentication to increase the level of security. Two-factor authentication uses something you know (your Career Account password) and something you have (the BoilerKey) to increase the security of the system.

    As the number of systems using the BoilerKey for access increases, your value in using the BoilerKey also increases.

  3. What is Two-Factor Authentication?

    Two-factor authentication is the use of two separate requirements that must be used together to gain access to an application or portal. In our solution, something you know (your Career Account password) and something you have (the BoilerKey) combine to grant you access.

    For example, if you use your bank card to obtain cash from the ATM, the card is something you have and your ATM PIN is something you know. Combined, these two factors reduce the likelihood that an unauthorized person could obtain access to your account.

Getting Started With a Purdue BoilerKey

  1. How do I request a Purdue BoilerKey?

    The Purdue BoilerKey comes in two forms, one of which is a small electronic device (known as a hard token) that displays a series of six digits when activated and the other is an application for your smartphone (known as a soft token) that displays the six digit code.

    To Request Access:
  2. How do I setup my new Purdue BoilerKey?

    Getting Started - How to set up your key to begin using it the first time.

  3. What is a BoilerKey code?

    The BoilerKey code is string of six numbers that are displayed on your BoilerKey. These seemingly random numbers are generated by the device and displayed on the BoilerKey's LCD screen (hard token) or smartphone application (soft token).

  4. What is a Passcode?

    The default passcode is your Purdue Career Account password augmented with the six digits your BoilerKey provides seperated by a comma. The format is:

    Passcode = [Career Account Password],[BoilerKey Code]


  5. What if I don't want to use my Career Account Password in the Passcode?

    The option to use a four (4) digit personal identification number (PIN) instead of your Purdue Career Account Password as part of the passcode is available. To set a PIN:

    1. Go to the Purdue BoilerKey Self Serve page.

    2. In the "Set an optional 4 digit PIN number for your BoilerKeys" section, enter the new PIN in the first field, your BoilerKey Passcode ([Career Account Password],[BoilerKey Code]) field and then click Set Pin.


    Your BoilerKey Passcode will now be:
    Passcode = [PIN],[BoilerKey Code]


General Use of Purdue BoilerKey Questions

  1. What if I can't login using the BoilerKey?

    If you are currently using your Purdue career account password as part of your passcode
    Try again using your Purdue career account password and the six digits displayed on your BoilerKey as the passcode in the password field:

    Passcode: [Career Account Password],[BoilerKey Code]


    If you are currently using a PIN as part of your passcode
    Try again using your PIN and the six digits displayed on your BoilerKey as the passcode in the password field:

    Passcode: [PIN],[BoilerKey Code]

    Please note that the comma between the Career Account Password/PIN and the BoilerKey Code is required. If you are again unsuccessful, generate a new BoilerKey code and try again.

    If you are still unsuccessful after the second try, visit the BoilerKey Self Serve site. Use the Re-Synchronize section of the page to re-synchronize your token.

  2. Can I log in to the OnePurdue portal with my regular password?

    No. Once you have been set up to use the BoilerKey, only the passcode will work. If your key is temporarily unavailable and you need access, please contact your Distributed IT Support Group or the ITaP Customer Support Center at: 44000 (on campus) or 765-494-4000 (off campus).

  3. How does the current password policy affect me now that I have a BoilerKey?

    You are still required to follow the every 180 day (or 90 day if you have additional privileges) password change policy for your Purdue Career Account.

  4. What should I do if I lose my BoilerKey?

    If the BoilerKey is lost or if you suspect that it has been stolen or used by a third party, you should immediately report the BoilerKey as lost. Please contact your Distributed IT Support Group or the ITaP Customer Support Center at: 44000 (on campus) or 765-494-4000 (off campus).

  5. What happens if I mis-type the passcode?

    The system will reject your login attempt and will allow you to attempt to login again. If you attempt to login unsuccessfully four times within fifteen minutes, the system will disable your account and require you to wait ten minutes before attempting another login.

  6. How many times can I mistype the passcode?

    The passcode may be incorrectly entered up to four times in a fifteen minute period. If you attempt to login unsuccessfully four times within fifteen minutes, the system will disable your account and require you to wait ten minutes before attempting another login.

  7. Why would the system reject my login attempt?

    There are several reasons why the system may reject your login attempt. First, verify that you have entered your career account password and the BoilerKey code displayed on the BoilerKey, seperated by a comma, correctly. If you have verified that you have entered the correct passcode and are still unable to authenticate, then go to the BoilerKey Self Serve page. Login to the Self Serve page using your career account information and check your passcode. If checking your passcode results in a passcode not correct message, re-synchronize your BoilerKey and try again.

Physical or Hard Token Specific Questions

  1. How do I use a BoilerKey Hard Token to Generate a BoilerKey Code?

    The BoilerKey is designed to provide a six-digit code in the display panel of the device that may be used, as part of a passcode, to login to a computer application or portal. The BoilerKey generates and displays a seemingly random series of six numbers called the BoilerKey code. When combined with your Purdue Career Account, it is called the passcode and is used instead of the password for SAP Portal login.

    To have your Purdue BoilerKey generate a new code, hold your token with the notched end for the key ring to the right and then press the button directly to the right of the display screen. The BoilerKey will display the new code for 25 seconds. If you need a new code, you can press the button and a new code will be displayed.

    How to hold a Purdue BoilerKey Hardtoken


  2. What happens if the number disappears while I am entering it into the application?

    If you were able to put in the entire sequence before it disappeared, go ahead and submit it. The system is able to use BoilerKey codes that are within a limited time period.

    If you need to generate a new code, press the button next to the display and a new code will be generated.

    How to hold a Purdue BoilerKey Hardtoken


  3. What happens if the display includes letters along with numbers?

    There are two possibilities where letters could be displayed:

    1. Verify that you are holding the BoilerKey correctly. The token should be read while it's held with the button on the right side of the display. Some numbers appear to be letters if the BoilerKey is upside-down.

      How to hold a Purdue BoilerKey Hardtoken


    2. If you are still seeing letters on the display, your token might be in diagnostic mode (If the button is held down for an extended period, the token will enter this mode). You will need to cycle the display back into token mode. To do this, you'll need to press and release the button until the display goes blank (this might take up to 15 times). The BoilerKey is now in token mode once again.


  4. Can a thief use a stolen BoilerKey?

    No. There are two reasons why it would be unusable to a would-be hacker. First, they do not have access to your Purdue Career Account password and probably wouldn't know your login name. Both of those would also be required to login. Second, by just notifying us that it has been lost or stolen, we can quickly disable the BoilerKey, preventing it from being used to gain access to any resources.

  5. Can a BoilerKey be opened or tampered with?

    It could of course be opened if the would-be hacker has the time and tools to do it. Opening the BoilerKey would most likely disable it, however. It would require an extensive effort to gain any information of value and by then you would have notified us that you no longer have the BoilerKey.

  6. Can a defective BoilerKey be replaced?

    A BoilerKey that is not functioning properly can be replaced. Contact your Distributed IT Support Group or the ITaP Customer Support Center at:
    On Campus: 44000 or
    Off Campus 765-494-4000.

Smartphone Application or Soft Token Specific Questions

  1. How do I install the Purdue BoilerKey application on my smartphone?

    Purdue University uses the Duo Mobile application to generate BoilerKey codes. To download and install the Duo Mobile application, please click on the following link for your flavor of smartphone:
  2. How do I use the BoilerKey Application to Generate a BoilerKey Code?

    The Purdue BoilerKey system uses the Duo Mobile application to generate a six-digit code that may be used, as part of a passcode, to login to a computer application or portal. The application generates and displays a seemingly random series of six numbers called the BoilerKey code. When combined with your Purdue Career Account (or an optional PIN), it is called the passcode and is used instead of the password.

    To have your Duo Mobile application generate a new BoilerKey code, tap on the key icon next to the account named Purdue University. The application will now display a new code on your smartphone. If you need a new code, you can tap the key icon on the Purdue University account to display a new code.    

If you have any questions, please send email to accounts@purdue.edu.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2015 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.