Penn WebLogin two-step verification
Why you should use it
Two-step verification dramatically reduces the risk of someone stealing your identity and attacking Penn. Even if they acquire your password, they still can't log in.
How it works
Two-step verification adds an extra layer of security whenever you log in. Step 1 uses something only you know (your PennKey password). Step 2 uses something only you have (such as your smartphone).
- Enter your PennKey and password as usual.
- When prompted, enter a code from your phone or other device.
You can automate Step 2 by making your browser trusted (optional). If no one else uses that browser, you only need to enter a code if you haven't used it to log in during the past 30 days.
Opt in (takes about 15 minutes)
Step-by-step instructions for enrolling in two-step verification, or
re-enrolling if you've previously opted out of the service.
Add a phone or device, opt out of the service, create or edit your profile, generate printable
single-use codes, untrust previously trusted browsers, view your recent
two-step verification activity, or help a friend who's having trouble
Watch our fun, quick videos to learn about two-step verification and how to use it!
Trouble logging in? If you've logged in during the past 30 days using a different browser and
checked the "Trust this browser" box,
try using that browser. Otherwise see Trouble logging in? for self-help options.
Review the FAQ.
If you experience problems not resolved by the resources above, contact
your local support provider (LSP).
Note: Your LSP will need to verify your identity, so before contacting your
LSP you should be prepared to show them your PennCard in person, or be at
your phone number of record to receive a callback, or be able to receive an
email with an arbitrary "secret" and be able to receive a phone
callback (at any phone number you give the LSP).
Notice: On Monday, August 24th at 6:30 AM until 6:40 AM, WebLogin will be
undergoing routine maintenance. The actual outage is expected to be
extremely brief within the reserved 10 minute window.
As of April 25, Browser trust was changed to persist indefinitely, as long as the browser is used to log in at least once in the past 30 days.
The following changes were made on April 12, 2014:
- Adding a phone: was made easier - it is no longer necessary to
opt out first;
- Enrolling a hardware token: was made easier - just buy the token
at the Computer Connection, and enroll by entering its serial number; and
- Reporting Enrollment: is possible on-demand for organizations
wishing to promote enrollment of their members.