Know your BoilerKey, features to help prevent, solve lockouts
On Oct. 30, BoilerKey, Purdue’s version of two-factor authentication, became required for all students, staff and faculty to strengthen the security of Purdue’s network and better protect University and personal data.
That means you now need BoilerKey to do things like sign in to Blackboard, register for classes, sign up for benefits or schedule a day off.
But if you can’t access your BoilerKey for some reason – you left your phone or hardware token at home or lost it, for example, your battery died, or something else – you’re not out of luck. There are two ways to solve the problem. You need to set these up before the problem arises.
How to enter your phone number to enable self-service auto recovery
Use this feature if you lose your smartphone, hardware token or have issues with your phone’s connection to the Duo Mobile app. This feature will allow you to order a new token, set up a new device, or reset your PIN (if you know your old one). Remember to delete your old device in the BoilerKey system; you will be given the option to remove retired devices during the process of setting up a new device.
- Visit purdue.edu/boilerkey.
- Log in with your BoilerKey, scroll to the bottom of the page and click “Enable BoilerKey Self-Recovery.”
- Enter your cellphone number (or it may be auto-filled for you).
- Click “Text me a verification code.”
- A code will be sent to the cellphone number you provided.
- Enter that code on the BoilerKey page to verify it.
When using this feature, after confirming your identity, the phone number you provided will be sent a code that will be used in place of “push” or the 6-digit code from the Duo Mobile app or hardware token.
How to generate a backup code if you can’t use your phone or token
Use this feature in case you lose your phone or token, don’t have a wireless signal, run out of battery, or can’t access your phone or token for some other reason.
- Visit purdue.edu/boilerkey. Log in with your BoilerKey, scroll to the bottom of the page and click “Obtain List of BoilerKey One-Time Use Backup Codes.”
- Click “Generate a List…” You will see a list of 10 codes.
- Print and store the 10 codes in a secure location.
- If your phone or token is inaccessible, enter your pin, a comma and one of the 9-digit codes.
- Each 9-digit code can be used only one time.
- If you lose the list of backup codes, please log in to the BoilerKey system, delete the lost list of codes and generate a new list.
As a reminder, any Purdue faculty, staff or students should use their BoilerKey wherever they see the BoilerKey logo and on the virtual private network (WebVPN).
Instead of using a career account password, enter the 4-digit, unique PIN you created, a comma, and the word push if you are using the Duo Mobile app. Alternatively, you can enter your PIN, a comma and a 6-digit code generated from the Duo Mobile app, which is displayed by tapping the “Purdue University” entry, or generated from the hardware token. (Examples: 0000,push or 0000,123456)
With the Duo app, users can generate a 6-digit code even if they don’t have cell service but are connected to Wi-Fi.
BoilerKey’s is part of an effort to reduce successful phishing attacks, identity theft and other cyberattacks and to deter, or at least slow down, cybercriminals who regularly target Purdue’s network. Ultimately, BoilerKey helps secure faculty staff and student data, such as social security numbers and bank account information or sensitive research data and grades.
BoilerKey adds an additional layer of security when logging in. It’s a step above traditional passwords, because not only must users remember something (a PIN or password), but they must also physically possess something that confirms their identity, either a smartphone with an app or a hard token, such as a key fob, both available in BoilerKey’s case.
Still need help? Call Tech Support at 765-494-4000 or email itap@purdue.edu.