Another tip in a series provided by the  Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

Your PennKey is a credential that gives you access to many resources. These resources are valuable; you should protect your access to them by protecting your PennKey.

Your PennKey gives you access to personal and University resources—including pay stubs, transcripts, and more. Someone who gains access to your PennKey could compromise your privacy and the University’s systems. Protecting your PennKey is essential for safeguarding your information and the University’s resources.

The first step in protecting your PennKey is using a strong password. There are requirements for the length and complexity of your PennKey password. This password should also be unique to your PennKey. Reusing passwords is a security vulnerability. A password manager can help you create a strong, complex, and unique password. The University offers Dashlane to faculty, staff, and students for this purpose.

If your PennKey account supports it, use Two-Step verification, which is an additional level of security for your PennKey. Two-Step verification combines “something you have,” such as your smartphone, and “something you know,” which is your PennKey password. The University uses Duo Mobile for Two-Step verification. 

Dashlane password manager: https://isc.upenn.edu/resources/dashlane

Duo Mobile for Two-Step verification: https://isc.upenn.edu/pennkey/twostep

---

For additional tips, see the One Step Ahead link on the Information Security website: https://isc.upenn.edu/security/news-alerts%23One-Step-Ahead.