BoilerKey FAQ

1. What is BoilerKey, two-factor authentication?

BoilerKey, Purdue’s version of two-factor authentication, improves the security of protected computer systems and personal data.

Two-factor authentication (also known as multi-factor authentication or two-step verification) is an extra layer of protection – more protection than a traditional password. Two-factor authentication should be used on accounts that contain sensitive information, such as bank accounts, social security numbers, health information and more.

At Purdue, these two forms of verification are something you know – career account and PIN – and something you have – the Duo Mobile application on your smartphone or a hardware token. These two items are used in place of your password wherever you see the BoilerKey logo and on the virtual private network (WebVPN).

2. Why are we using the BoilerKey?

Two-factor authentication increases the level of security; it uses something you know and something you have to increase the security of the system.

Specifically, BoilerKey protects University systems and your sensitive data, such as a social security number and bank account information. Even if someone gains your username and password or PIN, they will not have the physical device needed to break into your account.

3. How do I request a BoilerKey?

Visit https://purdue.edu/boilerkey to request a hardware token or to set up the Duo Mobile application on your smartphone or tablet.

You are able to register multiple devices with the Duo Mobile application, but you can only use one hardware token at a time.

4. Can I log in with my regular password?

No. Once you have been set up to use the BoilerKey, only the passcode (“PIN,push” or “PIN,6-digit code”) will work where you see the BoilerKey logo and the virtual private network (WebVPN).

5. How does the current password policy affect me now that I have a BoilerKey?

You are still required to change your password once a year.

6. What should I do if I lose my BoilerKey token or leave it at home or am having trouble getting it to work?

If the BoilerKey is lost or if you suspect that it has been stolen or used by a third party, you should immediately report it. Please contact your campus unit’s IT support group or the ITaP Customer Service Center at 765-494-4000.

There are two steps that you can take BEFORE you either lose your BoilerKey or leave it at home so that you can still access your account.

1) Self-service recovery. You must register your cell phone number by visiting the Update Cell Phone tool (https://www.purdue.edu/apps/account/UpdateCellPhone).

This option is for the Duo Mobile app users who replaced a smartphone or for those with a hardware token who either left it at home or lost it.

Once you have registered your cellphone number, go to any page requiring BoilerKey to sign in and click “Issues with your BoilerKey?” This will start the BoilerKey self-recovery process. You will be asked to verify your identity by providing your career account login, 10-digit PUID number and your date of birth. Once verified, you will be sent a 9-digit code via text message that can be used in place of "push" or the generated code from a BoilerKey token or the app. Example: “0000,123456789”

2) Backup codes. Go to https://www.purdue.edu/apps/account/BoilerKeySelfServe, sign in, and click “Obtain lists of one-time use backup codes.” Once you have the codes, print them out and store them somewhere secure, such as your wallet or a locked drawer.

When you are without your hardware token or smartphone, you can use these 9-digit codes in place of “push” or the generated code from the token or app. Example: “0000,123456789”

7. What if my device cannot connect to the internet (bad cell phone signal, traveling internationally, etc.)?

If your phone is not connected to the internet, use the Duo Mobile app to receive a 6-digit code to use in place of the word push. Instead of "PIN,push”, you'll use "PIN,6-digit code".

To access the 6-digit code in the Duo Mobile app, tap the “Purdue University” entry in the app to reveal the 6-digit code.

8. What if my Duo Mobile smartphone app says "Account Not Found" during BoilerKey authentication?

If you are trying to authenticate with your Duo Mobile BoilerKey, and the Duo Mobile app on your smartphone says "account not found,” a request was received for an account that is no longer paired to this device. Replacing a smartphone, having a smartphone restored to factory settings during repair, or any other major change to the phone may cause your Duo Mobile BoilerKey to disconnect.

To fix this, remove any Duo Mobile BoilerKeys from your smartphone and from the BoilerKey website, and then set up a new Duo Mobile BoilerKey on the BoilerKey website.

To remove a Duo Mobile BoilerKey from your smartphone, press and hold where it says "Purdue University," and a menu should pop up with a remove option. To remove a Duo Mobile BoilerKey from the BoilerKey website, visit purdue.edu/boilerkey and log in using a backup code. Once logged in, click “Manage my Duo Mobile BoilerKeys” and remove the device.

9. What if my device is connected to the internet, but the Duo Mobile app is still not receiving PUSH notifications?

Make sure that your network connection is working, either Wi-Fi or cellular data. The push message requires a network connection. If you’re in an area with poor network reception, click the “Purdue University” entry in the Duo mobile app to get a 6-digit token code instead. Enter that along with your PIN number in this format: 4-digit PIN, 6-digit code. For example: 1234,56789

If problems persist, the best way to get the push functionality working again is to request a new Duo Mobile BoilerKey, set that up, and then remove the old Duo Mobile BoilerKey from the Duo Mobile app by pressing and holding where it says "Purdue University.” A menu should pop up with a remove option.

To remove a Duo Mobile BoilerKey from your smartphone, press and hold where it says "Purdue University," and a menu should pop up with a remove option. To remove a Duo Mobile BoilerKey from the BoilerKey website, visit purdue.edu/boilerkey and log in using a backup code. Once logged in, click “Manage my Duo Mobile BoilerKeys” and remove the device.

10. I have an Apple iPhone and can’t seem to get the Duo “push” message option to work.

Check the “Notifications” settings for the Duo mobile application in the iPhone’s Settings app and make sure notifications are turned on. If turned off, you won’t be able to receive the push notifications. Go to Settings->Duo Mobile->Notifications to check the notification settings.

11. Can I install the Duo Mobile application on my laptop?

No. Duo Mobile is only available on smartphones and tablets.

12. Can a defective BoilerKey token be replaced?

A BoilerKey that is not functioning properly can be replaced. Contact your campus unit’s IT support group or the ITaP Customer Service Center.

13. Can I have more than one BoilerKey (either Duo Mobile, tokens or a combination)?

Yes, users can have more than one BoilerKey. They are managed via the BoilerKey and BoilerKey Self Recovery web pages.

If you have multiple Duo Mobile tokens, PIN,push will only notify the first device registered on your BoilerKey page. The second DUO Mobile token will be notified if you use PIN,push2, the third to PIN,push3 and so on.