Two-Step Authentication

You can sign up for Two-Step via this portal, and make sure to look at these detailed set up instructions. You can also visit the Two-Step Verification FAQ page to learn more about the available Two-Step methods.

Once you're enrolled with Two-Step authentication, all PennKey-protected forms and/or services will require you to verify your identity with Two-Step authentication.

You can avoid multiple Two-Step prompts by "trusting" the web browser on the device you're using, which secures that device and browser as "trusted." This will nullify Two-Step prompts on that device/browser for 30 days.

There are a multitude of ways to authenticate with Two-Step. They include:

• Duo Mobile Smartphone App (Preferred Method)
• Text or Phone Call
• Generate List of 20 Authentication Codes
• Keychain FOB (these are sold by the Penn Computer Connection)

Common issues with setting up Two-Step authentication may include the following:

• New phone
  • Refer end user to the Two-Step Manage Settings page to register new device (This will require generating a Two-Step code by recovery options tied to your Two-Step account).
• Authenticator code not being accepted
  • App: ensure device is using Network time server
  • Fob: A token can get "out of sync" if the button is pressed too many times in a row and the generated passcodes aren't used for login. In some cases, this can happen by accident if the token is stored next to other objects in a pocket, backpack, etc. Generate three passcodes in a row to attempt to resynchronize the token.
• Out of the Country / No Access to American Phone Number
  • ​If you're traveling out of the United States and have no access to the primary phone number associated with your Two-Step account (or haven't set one up yet) you'll need to enroll to Two-Step via the Duo Mobile or Google Authenticator apps - you can find instructions here.