Two-Step Verification: Enrollment Instructions

Follow the instructions in each section to enroll in Two-Step Verification using Duo Mobile, Text/SMS, voice calls, or a Security Key. You can have multiple verification methods active at the same time. If you are unable to enroll, please contact PennKey Support.

Notes: 

  • If you need to make changes in the future to Two-Step Verification (e.g., add, rename, or delete devices), go to the Duo Device Management Portal.
  • For best results, use a device other than your phone (such as a laptop or desktop computer) to perform the steps below.

Duo Mobile app (recommended)

ISC strongly recommends setting up Duo Mobile as one of your Two-Step Verification options. Duo Mobile is a two-factor authentication application that provides a second-step authentication service to protect against account takeover and data theft. Duo Mobile is free and can be downloaded from the App Store (iOS) or Google Play Store (Android).

Follow the steps below to enroll in Two-Step Verification using Duo Mobile:

Duo Mobile Enrollment Instructions

  1. Visit the Duo Device Management Portal and log in using your PennKey username and password.
    • First-time enrollment: Click Next until you reach the screen titled Select an option.
    • Adding an additional verification method: Click Add a device.

  2. From the Select an option screen, select Duo Mobile.

    Duo select an option screen

  3. Enter your phone number and click Add phone number.

    • Duo supports international phone numbers; you can select the country code from the drop-down list.
    • If you have a tablet, select "I have a tablet". Follow the onscreen instructions to add Duo Mobile to your tablet.
    Duo enter phone number screen

  4. Confirm that the phone number you entered is correct.

    Duo phone number screen

  5. Download Duo Mobile on your mobile device from the App Store (iOS) or Google Play Store (Android), then click Next on your computer.

    Duo initial enrollment download screen
  6. Open the Duo Mobile app on your mobile device. If this is your first Duo profile, tap Add Account. If you already have existing Duo profiles for other accounts, tap the plus (+) sign to add an additional profile.

  7. In the Duo Mobile app, select Use QR code and point your device's camera at the QR code on your screen. The Duo-Protected University of Pennsylvania account should appear in your Duo Mobile app. Tap Save.

    Duo scan QR code screen

  8. Once setup is complete, you will see the Added Duo Mobile success screen. Click Continue.

    Added Duo mobile screen
  9. When you return to the Duo Device Management Portal, you should now see your mobile device listed among your registered devices. You can now use Duo Mobile to log in to PennKey-protected applications using a push notification sent to your mobile device. Since you added a phone number, you can also use text messages and phone calls.

Text/SMS or Voice Calls

Select this option if you do not have a smartphone and would like the Two-Step Verification service to either text or call you to provide a verification code to one of your registered phone numbers. Text/SMS and voice calls are supported, but not recommended, for Two-Step Verification. 

Follow the steps below to enroll in Two-Step Verification using Text/SMS or voice calls:

Text/SMS or Voice Call Enrollment Instructions

  1. Visit the Duo Device Management Portal and log in using your PennKey username and password.
    • First-time enrollment: Click Next until you reach the screen titled Select an option.
    • Adding an additional verification method: Click Add a device.

  2. From the Select an option screen, select Phone number.

    Duo select an option screen

  3. Enter your phone number and click Add phone number.

    • Duo supports international phone numbers; you can select the country code from the drop-down list.
    • Landline phones can only accept phone calls, not Text/SMS. If you have a phone that cannot accept Text/SMS, select This is a landline phone.
    • When you select the option for a landline phone, you can add an extension if needed.
    Duo enter phone number screen

  4. Confirm that the phone number you entered is correct.

    Duo phone number screen

  5. Once setup is complete, you will see the Added phone success screen. Click Continue.

    Duo added phone for text screen
  6. When you return to the Duo Device Management Portal, you should now see your phone number listed among your registered devices. You can now receive Text/SMS and voice calls for Two-Step Verification.

Security Key (YubiKey)

A Security Key, also known as a YubiKey, is a physical device that plugs into your computer to verify your identity when you log in. A security key is compact and can be easily carried, making it ideal for travel. It's a ready-to-use plug-and-play device. Security Keys from Yubico and Feitian are recommended and supported. Follow the steps below to enroll in Two-Step Verification using a Security Key:

Security Key (YubiKey) Enrollment Instructions

  1. Visit the Duo Device Management Portal and log in using your PennKey username and password.
    • First-time enrollment: Click Next until you reach the screen titled Select an option.
    • Adding an additional verification method: Click Add a device.

  2. From the Select an option screen, select Security Key.

    Duo select an option screen
  3. Click Continue.

  4. You will see a pop-up asking you to insert your Security Key and to touch the small metal contact on the key to activate it. If you have previously set up a PIN for your Security Key, you may also be asked to input your PIN during this step.

    • Note that the pop-up screen will vary depending on the browser you are using (see below for examples).
    Two screenshots of Secrity Key activation prompts. One reads "Use your security key with duosecurity.com" and the other reads "Sign In: Set Up Security Key."

  5. You may receive additional pop-ups similar to the ones below asking where to save your passkey or if you want to allow Duo to access information about your Security Key. Proceed as applicable and click through these prompts.

    Two screenshots of Windows Security prompts. One reads "Choose where to save this passkey" and the other reads "Continue setup".

  6. After you activate the Security Key, you will see the Added security key screen. Click Continue.

    Added security key. You can now verify your identity with Duo using this security key.

  7. When you return to the Duo Device Management Portal, you should now see Security Key among your registered devices. Your Security Key will now be available as a login option for Duo when logging into PennKey-protected applications.

    Security key
  8. If you also need to set up a PIN for your Security Key, refer to the PIN Setup Instructions below.

Security Key (YubiKey) PIN Setup Instructions

You can choose to add a PIN to your Security Key (YubiKey) for an extra layer of security, or you may be required to use a PIN if you are a user of highly sensitive applications or data.

There are several methods to set your PIN. Select the method below that best fits your situation and follow the listed instructions.

Yubico Authenticator App

Note: You must have administrator access to your computer or device to download the Authenticator app. If you do not have this access, use one of the other methods to create your PIN.

  1. Go to the Yubico Authenticator app download page and click the download link for your system. Follow the on-screen instructions as you would for any app download.
  2. After download, launch the Yubico Authenticator app.
  3. Plug your YubiKey into your device. The app will detect your YubiKey.

  4. In the Yubico app, click on the left menu icon (hamburger) in the upper left corner of the app and select Passkeys.

    Two screenshots of the Yubico app interface highlighting the menu icon and the "Passkeys" menu option.

  5. Under Manage, click Set PIN.

    A screenshot of the Yubico app interface. The option to "Set PIN" is highlighted.

  6. In the Set PIN window, enter your new PIN, then enter the new PIN again to confirm and click Save.

    • The PIN can contain letters and/or numbers and must be between 4 and 63 characters in length. Penn recommends a 6-character PIN for your Security Key.
    • Your PIN will now be available to use with your Security Key as a login option for Duo when logging into PennKey-protected applications.
    Screenshot of the Yubico app "Set PIN" window, showing the text fields where the user will enter and confirm their PIN.

Security Key Management (Windows)

  1. Plug your Security Key into your device.

  2. On your Windows device, go to Settings -> Accounts -> Sign-in Options. Select Security key, then select Manage. You may be prompted to touch the security key connected to your device.

    Screenshot of the Windows "Sign-in options" settings screen. The option to click "Security key" and then select "Manage" is highlighted.

  3. Under Security Key PIN, click Add.

    Screenshot of the Windows Security Key PIN interface. The button to Add a PIN is highlighted.
  4. In the Set up a security key PIN window, enter your new PIN, then enter the new PIN again to confirm and click OK.
    • The PIN can contain letters and/or numbers and must be between 4 and 63 characters in length. Penn recommends a 6-character PIN for your Security Key.
    • Your PIN will now be available to use with your Security Key as a login option for Duo when logging into PennKey-protected applications.

Chrome Web Browser (Non-Windows)

  1. Go to Chrome’s Settings -> Privacy and Security. Select Security.

    Screenshot of Chrome Privacy and Security Settings screen. The option to select Security is highlighted.

  2. Scroll down, then select Manage security keys.

    Screenshot of Chrome settings text reading "Manage security keys: Reset security keys and create PINs"

  3. Select Create a PIN.

    Screenshot of Chrome "Manage security keys" menu. The option "Create a PIN" is highlighted.
  4. At the prompt, insert and touch your Security Key.

  5. In the pop-up, enter your new PIN, then enter the new PIN again to confirm. Click Save, then OK.

    • The PIN can contain letters and/or numbers and must be between 4 and 63 characters in length. Penn recommends a 6-character PIN for your Security Key.
    • Your PIN will now be available to use with your Security Key as a login option for Duo when logging into PennKey-protected applications.
    Two screenshots, both titled "Create a PIN." The first reads "Enter your new PIN. A PIN must be at least 4 characters long and can contain letters, numbers, and other characters." The second reads "Your PIN was created."