IT Services

Two-Step Authentication

Two-Step Verification is now available for PennKey users! All PennDesign staff and faculty are required to opt in.

NOTE: Beginning February 14th of 2019, all students will be required to opt in for Two-Step authentication. 

If you have additional questions, please contact PennDesign ITS via ithelp@design.upenn.edu.

Enrolling in Two-Step

You can sign up for Two-Step via this portal. You can also visit the Two-Step Verification FAQ page to learn more about the available Two-Step methods.

Once you're enrolled with Two-Step authentication, all PennKey-protected forms and/or services will require you to verify your identity with Two-Step authentication.

You can avoid multiple Two-Step prompts by "trusting" the web browser on the device you're using, which secures that device and browser as "trusted." This will nullify Two-Step prompts on that device/browser for 30 days.

Methods of Two-Step Authentication

There are a multitude of ways to authenticate with Two-Step. They include:

  • Duo Mobile Smartphone App (Preferred Method)
  • Text or Phone Call
  • Generate List of 20 Authentication Codes
  • Keychain FOB (these are sold by the Penn Computer Connection)

Technical Issues

Common issues with setting up Two-Step authentication may include the following:

  • New phone
    • Refer end user to the Two-Step Manage Settings page to register new device (This will require generating a Two-Step code by recovery options tied to your Two-Step account).
  • Authenticator code not being accepted
    • App: ensure device is using Network time server
    • Fob: A token can get "out of sync" if the button is pressed too many times in a row and the generated passcodes aren't used for login. In some cases, this can happen by accident if the token is stored next to other objects in a pocket, backpack, etc. Generate three passcodes in a row to attempt to resynchronize the token.