Unlock Your Passwordless Future with Cardinal Key
Between now and September 2021, University IT (UIT) will be asking all university employees to join the 6,000 faculty and staff who are already using Cardinal Key.
You may know Cardinal Key for its passwordless logins, but it has an additional purpose that has become an urgent need for Stanford: to ensure our computers are properly protected now that our workforce is more dispersed.
What to expect
Two weeks prior to your enrollment date, you will receive an email invitation to set up your Cardinal Key(s). The message will include setup instructions as well as a link to request a temporary exception if needed. Installation only takes a few minutes per device, then you’re set for five years!
Email reminders will be sent to you one week prior and one day prior. Beginning on your enrollment date, your Cardinal Key will be needed to access webmail, Axess, and Google Docs (including Google Drive) from your devices.
Get ahead of the curve
There’s no need to wait for your Cardinal Key invitation. You can set up Cardinal Key today using the instructions below.
- Verify that your devices appear in MyDevices and that they show as compliant. The device detail will indicate whether a Cardinal Key has already been installed. Newly installed Cardinal Keys will be reflected in MyDevices within 24 hours.
- Install a Cardinal Key on each device using the instructions at cardinalkey.stanford.edu. To simplify the process on a laptop/desktop, try our new installer.
- On each device, enable Cardinal Key in each web browser you use via https://login.stanford.edu/cookie/x509.
- On each device, test Cardinal Key in each web browser you use via cardinalkey-test.stanford.edu. If you see the “It’s working” message, then you’re in good shape for that browser on that device.
If you encounter any technical hurdles along the way, submit a Help request to the Information Security Office or contact us via the #iso-cardinalkey Slack channel.
The big picture: Healthy Devices @ Stanford
Adopting Cardinal Key is part of a broader plan to modernize Stanford employee devices by September 2021. Allowing for exceptions, the desired end state is for employee devices to be configured as follows:
- Up-to-date operating system (see Sunset Schedule)
- Advanced endpoint protection (CrowdStrike) -- applies to laptops/desktops only
- Passwordless logins (Cardinal Key)
- Modern endpoint management (Jamf for Macs, TBD for Windows and mobile devices) while continuing to support VLRE for devices not handling High Risk Data.
- Modern email authentication
- Backups (Crashplan) -- applies to laptops/desktops only