Purdue to add two-factor authentication for all faculty and staff during spring semester

BoilerKey, Purdue's's version of two-factor authentication, improves security for personal and University data.

Coming soon, all of Purdue’s faculty and staff will need to begin using two-factor authentication, known at Purdue as BoilerKey, to log into the new employee portal, SuccessFactors, improving security of personal and University data alike.

Signup for BoilerKey is now ready for all Purdue employees at www.purdue.edu/boilerkey. Purdue faculty and staff can expect reminders to sign up in the form of direct emails, social media posts and Purdue Today articles to give instructions on how and where to sign up throughout the coming spring semester. The employee portal allows employees to create leave requests and check paystubs. It also handles many of the University’s business functions.

Greg Hedrick, Purdue’s chief information security officer, says security staff are developing a streamlined step-by-step process to sign up for BoilerKey, so all faculty and staff should be able to sign up without assistance. Departmental IT staff and the ITaP Customer Service Center will also be available to answer questions and offer one-on-one help.

“We have worked hard to ensure signing up for BoilerKey is an easy process,” Hedrick says. “Using two-factor authentication on our campuses makes all employee accounts more robust against scammers and cybercriminals.”

Implementing BoilerKey at Purdue also protects the University from a growing number of cyberattacks on colleges and universities.

“This is a necessary step to keep pace with what others are doing in higher education to improve security around critical systems and help protect individuals’ data,” Hedrick says.

What is two-factor authentication?

BoilerKey adds a second login requirement to go with your password. At Purdue, it’s a numerical code randomly generated on a smartphone app called Duo or a key fob.

Essentially, even if someone were to get ahold of your password (if you fall for a phishing email, for instance), your account would still be protected because only you can physically access your smartphone or key fob to get the necessary login code.

Writer: Kirsten Gibson, technology writer, Information Technology at Purdue (ITaP), 765-494-8190, gibson33@purdue.edu

Last Updated: December 8, 2017