
An Introduction to PennKey
A key element of online security is the need to protect the passwords
we use to authenticate, or prove, our identity to online systems.
Upon careful evaluation, the University adopted the Kerberos-based
PennKey authentication (identity verification) system in October
2002.
Within the PennKey authentication system, an individual's username
is known as a PennKey. Paired with an associated password, a
PennKey is required to authenticate an individual's identity to many
of Penn's networked systems and services, as specified on the
Application Logon Methods page. Note that PennKeys are case-sensitive and always all lower case: if a person
whose PennKey is "smith" enters "Smith" or "SMITH",
authentication will fail.
Eligibility
Faculty, staff, and students of the University of Pennsylvania;
employees of the University of Pennsylvania Health System (UPHS);
and sponsored guests who have an official business need for accessing restricted Penn
resources are eligible for a PennKey.
PennKey Background
PennKey is the latest evolution of the University's longstanding
commitment to securing critical online services.
Security requirements for critical services are outlined in the University's
Critical PennNet Host Security Policy, commonly referred to
as the Critical Host policy. One way the policy strives to protect
Penn's systems and services is by mandating that passwords sent
between users and critical host systems be "strongly encrypted,"
or protected by certain ciphering methods, rather than sent
over the network "in clear text." The PennKey authentication
system satisfies this requirement and provides a foundation
for even stronger forms of authentication that may be required
in the future. PennKey authentication is only one of several
forms of secure authentication that meet the Critical Host
policy. Other forms of secure authentication are being used
on campus services as well.
The PennKey system is based on Kerberos, a security technology
developed at MIT. The Kerberos protocol enables
individuals to demonstrate that they are who they claim to be without
ever transmitting passwords over the network, even in encrypted
form. Thus there are fewer opportunities for password theft or unauthorized
access to Penn's network, systems, and confidential or personal
data. Kerberos also lays the foundation for the evolution towards
a "single sign-on" environment over time -- one in which
a user would enter a unique ID and password only once a day in order
to access several different online services.
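As an added illustration (not part of this page or of Penn's actual implementation) of the Kerberos property described above, the following Python sketch models the initial Authentication Service exchange: the client proves knowledge of its password by encrypting a timestamp under a key derived from that password, and the password itself never appears in any message in either direction. The realm name, principal names, and the HMAC-based cipher standing in for Kerberos' AES encryption types are assumptions of this example.

```python
import hashlib, hmac, os, time

REALM = "EXAMPLE.REALM"  # constructed placeholder; not Penn's actual Kerberos realm

def string_to_key(principal: str, password: str) -> bytes:
    # Kerberos derives a long-term key from the password plus a salt (realm + principal).
    # Both client and KDC hold this key; the password itself never leaves the client.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 50_000, dklen=32)

def seal(key: bytes, data: bytes) -> bytes:
    # Stand-in for a Kerberos encryption type (real Kerberos uses AES): HMAC keystream + HMAC tag.
    nonce = os.urandom(16)
    stream = b"".join(hmac.new(key, nonce + bytes([i]), "sha256").digest() for i in range(len(data) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key")  # a wrong password surfaces here, never as a leaked secret
    stream = b"".join(hmac.new(key, nonce + bytes([i]), "sha256").digest() for i in range(len(ct) // 32 + 1))
    return bytes(a ^ b for a, b in zip(ct, stream))

class KDC:
    """Toy Authentication Server: stores only derived keys, indexed by the exact (lower-case) principal."""
    def __init__(self):
        self.keys = {}
    def enroll(self, principal: str, password: str) -> None:
        self.keys[principal] = string_to_key(principal, password)
    def as_exchange(self, as_req: dict) -> dict:
        key = self.keys[as_req["cname"]]            # unknown principal (e.g. "Smith" vs "smith") -> KeyError
        ts = int(unseal(key, as_req["padata"]))     # pre-authentication: decrypt the client's timestamp with its stored key
        if abs(time.time() - ts) > 300:
            raise ValueError("timestamp outside allowed clock skew")
        session_key = os.urandom(32)                # fresh session key, returned sealed under the client's long-term key
        return {"enc_part": seal(key, session_key)}

def build_as_req(principal: str, password: str) -> dict:
    # AS-REQ: principal name in the clear plus a timestamp encrypted with the password-derived key.
    key = string_to_key(principal, password)
    return {"cname": principal, "padata": seal(key, str(int(time.time())).encode())}

def client_login(kdc: KDC, principal: str, password: str) -> bytes:
    # Returns the session key; both wire messages (as_req, as_rep) contain no trace of the password.
    as_req = build_as_req(principal, password)
    as_rep = kdc.as_exchange(as_req)
    return unseal(string_to_key(principal, password), as_rep["enc_part"])
```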