Improving the Cardinal Key Experience
You shared your feedback with us, and we've heard you. The result: a substantially improved Cardinal Key user experience is on the way.
Cardinal Key Frequently Asked Questions
Self Help for the two most common Cardinal Key errors, see our Cardinal Key Known Issues page known-issues.
Learn more about Cardinal Key by visiting cardinalkey.stanford.edu.
- Q. How does Cardinal Key protect my computer?
- A. Cardinal Key ensures that devices meet our MinSec requirements (per MyDevices) regardless of location.
- Q. How does Cardinal Key protect against phishing?
- A. Using Cardinal Key means no longer being prompted for a SUNet ID and password. If you DO encounter a Stanford-looking login page asking for a username and password while using Cardinal Key, you should be suspicious of a phishing attempt.
- Q. I have Cardinal Key installed on my device. Why am I still being prompted for two-factor authentication?
A. Cardinal Key replaces the need to provide your SUNet ID and password. Depending on the system, the frequency may vary, but you will still need to two-factor in. If you check the Remember me for 90 days box on the two-step authentication login screen, you will reduce the number of two-step authentication prompts that you receive in that web browser for the next 90 days.
- Q. Which Stanford sites require me to log in with a Cardinal Key?
- A. The campus-wide Cardinal Key rollout is to enforce the use of Cardinal Key when logging into webmail.stanford.edu, axess.stanford.edu, and Google Docs (this would include *.google.com).
- Q. Why can’t I join the eduroam network with my Cardinal Key?
- Q. Why is my Cardinal Key not working after clearing my cookies and cache?
A. If you clear your cookies and cache, you will need to re-enable the Cardinal Key. You can do so by going to https://login.stanford.edu/cookie/x509.
- Q. My Cardinal Key stopped working. I checked https://login.stanford.edu/cookie/x509 and it is enabled. What do I do?
A. Check mydevices.stanford.edu to confirm that your device shows as compliant. If it is not compliant, please submit a Help request to your local IT support to let them know.
- Q. Cardinal Key works fine on all my browsers, but I cannot log in to VPN with it. What should I do?
A. When logging into the VPN, please make sure you are selecting the Cardinal Key instead of another certificate. Learn more:
- Q. I am able to login to VPN with Cardinal Key. Why am I still being prompted to enter my SUNet ID and password when I go to Stanford websites?
A. Check that the Cardinal Key is enabled in your browser(s) by going to https://login.stanford.edu/cookie/x509.
- Q. Why does my Cardinal Key work in Firefox, but not always in Chrome?
A. In your Chrome browser, clear the IDP cookie by going to https://login.stanford.edu/cookie/idp and try accessing the site you need to login to.
- Q. Why does my Cardinal Key work in Chrome but not Firefox?
A. Make sure you have the correct settings set via the instructions found under "How to enable Cardinal Key for macOS on Firefox Version 75+" at: https://uit.stanford.edu/service/cardinalkey/install_windows or https://uit.stanford.edu/service/cardinalkey/install_mac.
- Q. Can I install Cardinal Key on a personal device?
A. Yes, you can install Cardinal Key on a personal device. In order to use the Cardinal Key past the initial 48 hour grace period, that device needs to be compliant in MyDevices.
- Q. Can I store High Risk Data in Google Drive using Cardinal Key?
A. Yes, follow the instruction on this page to learn more.
- Q. Can I install Cardinal Key on a shared device?
A. Cardinal Key does not work well on a shared workstation. Depending on the scenario you are in, you can request an exemption.
- Q. Which Stanford sites can I log in with a Cardinal Key?