One Step Ahead: Security Keys: An Additional Verification Method for Two-Step

April 14, 2026
vol 72 issue 31
Bulletins
print

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

The University of Pennsylvania recommends Duo Mobile as a secondary method for two-step verification. Another option is using a security key. A security key is a physical device that you plug into your computer and is considered one of the most secure verification options available. Think of it as a digital “house key” that you physically plug in (or tap) when logging in. Even if someone steals your password or your device, they cannot access your account without the key.

Benefits of Using Security Keys

Enhanced security: Hardware keys use industry-standard cryptography to verify your identity, making them highly resistant to phishing and hacking compared to codes sent by text messages or apps.
Easy to use: After a short setup, logging in often takes just a tap—no need to enter additional codes.
Works without cell service or wi-fi: Because the key doesn’t rely on text messages or apps, it remains reliable when traveling or in areas with poor signal.
Prevents common attacks: Many security breaches happen when users are tricked into entering verification codes on fake websites. A security key won’t work on impostor sites, protecting you automatically.

Challenges of Using Security Keys

Key loss or damage: Losing or breaking your security key could lock you out of your accounts. It’s recommended to have at least two keys—one primary and one backup—and to store them securely and separately.
Setup may seem complicated: The process is straightforward but may be unfamiliar. Penn provides documentation to guide you through setup.
Additional cost: Security keys must be purchased separately.

Duo offers several options to help ensure your PennKey remains secure. Recommendations may evolve over time to keep you protected. Please refer to:

Using security keys with Duo Mobile: https://isc.upenn.edu/resources/two-step-verification-enrollment-instructions
Information about Duo Mobile: https://isc.upenn.edu/pennkey/twostep

---

For additional tips, see the One Step Ahead link on the Information Security website: https://isc.upenn.edu/security/news-alerts%23One-Step-Ahead