Skip to content Skip to site navigation

Stanford is Going Passwordless (beta)

Tuesday, February 19, 2019

Tech Briefing: Go Passwordless with Cardinal Key

Thursday March 21, 3:00 to 4:30 p.m.

Learn how Cardinal Key works and how it provides both simplicity and security.

Learn more about going passwordless with Cardinal Key

Simplicity and security: the future of logins has arrived. Wouldn’t it be nice to skip typing in your SUNet ID and password every day, while protecting your credentials from phishing? With Cardinal Key, you can do just that. University IT has made this new service available to all users, with the understanding that it is a preliminary rollout and not yet fully refined.

“Cardinal Key is a triumph of usability and security,” said Michael Tran Duff, chief information security officer.  “This is the culmination of six years of concerted effort, and the Stanford community will reap the benefits for decades to come. Although Cardinal Key is still in beta, the advantages are too compelling to wait any longer.”

More than 1,000 staff and faculty are already using Cardinal Key as early adopters.  Students are welcome to use Cardinal Key, but their devices must adhere to the same cybersecurity standards that apply to university employees.

“I hardly ever enter my SUNet and password anymore,” said Molly Sharp, UIT business relationship manager and an early adopter of Cardinal Key. “This is how security should be: strong, but in the background.”

Get started

To get started, review the information on the Cardinal Key service homepage. There, you will find links and instructions to install and activate your Cardinal Key. You must install a unique Cardinal Key on each device you use (computer, laptop, tablet, or phone) and activate each one in a separate step.

Security requirements

In order to use a Cardinal Key, the device on which it is installed must adhere to Stanford's cybersecurity standards within one week. After that time, use of the Cardinal Key will be disabled until the device is configured properly. Use MyDevices to view the compliance status of your devices.


Cardinal Key is still in development and is not yet available on every platform. See the table below to determine whether your device and web browser are currently supported:

Platform Browsers VPN Clients
  Chrome Safari Internet Explorer Microsoft Edge Firefox Cisco AnyConnect Native VPN
Windows Supported Not Supported Supported Supported Not Supported Supported Not Supported
Mac Supported Supported Not Supported Not Supported Not Supported Supported Not Supported
iOS Supported* Supported Not Supported Supported Not Supported Not Supported Supported
Android Cardinal Key is not supported on Android and Linux platforms at this time.
*Due to Chrome limitations, iOS users should use Safari to configure their device.

Support for machines that use VLRE for encryption verification will be available soon.  Support for Android devices is planned for a future release.

How it works

Cardinal Key is based on public key cryptography, invented more than 40 years ago and used in nearly every secure online transaction today. A Cardinal Key is a special file installed on your device that uniquely identifies you and your device. It enables you to authenticate yourself without revealing your password, and is valid for a period of five years.

Help and feedback

For assistance or to provide feedback on this preliminary rollout, please submit a help ticket.

Share Feedback

DISCLAIMER: UIT News is accurate on the publication date. We do not update information in past news items. We do make every effort to keep our service information pages up-to-date. Please search our service pages at