If you’re not using Carolina Key passwordless logins, you’re missing out. You could skip typing your password and still have fast and secure logins to many UNC-Chapel Hill systems, including ConnectCarolina, Canvas and more. All you have to do is register your device, like your smartphone or laptop, with Carolina Key.
Carolina Key is UNC-Chapel Hill’s latest technological innovation in the fight against hackers who want to steal your — and the University’s — valuable data. Historically, making your account secure has meant ever-changing tactics like requiring long and complex passwords and using 2-Step Verification. These strategies do make it harder for bad actors to get in. But they also make it more difficult for you to access your own account.
That all changes with Carolina Key passwordless logins. Carolina Key is additional security that’s easier for you, but harder for hackers. Not only is Carolina Key fast and secure, registering is quick, too.
Keep in mind that Carolina Key isn’t available with every UNC system. Right now, Carolina Key works on web-based services that use Single Sign-On (SSO), which means you will still need your password for Microsoft logins and a few other services across campus. SSO might not be a name you know, but it’s a familiar login screen on many web-based Carolina systems. If you’ve logged into ConnectCarolina, Canvas or accessed library resources from off-campus, you’ve used SSO.
1. Passkeys are fast
Carolina Key swaps your insecure and easily lost password with strong device-based authentication called a passkey.
Passkeys are cryptographic tokens you store on devices like smartphones, smartwatches, laptops and tablets. Using either a PIN, physical security key, or the built-in biometric sensors on your device, like facial recognition or fingerprint scanning, you quickly unlock and send your passkey to the requesting site.
With Carolina Key, instead of Onyen and password, it’s Onyen and passkey. And since those passkeys are things like facial recognition or a short PIN, they’re way faster than typing a password.
And if skipping your password isn’t fast enough, Carolina Key can make some logins even quicker.
Because Carolina Key is so secure, it replaces more than your password — it also replaces Duo 2-Step Verification when used with Single Sign-On. So, when a system or service that uses SSO requires Duo, using Carolina Key means you skip both your password and Duo in favor of a fingerprint, PIN or facial recognition. Imagine how much faster you’ll log in when you don’t have to wait for a push notification or texted code.
2. Carolina Key is secure and private
When it sounds so convenient, you’d expect that there might be a security tradeoff. But that’s not the case — Carolina Key is more secure than a password.
With passkeys, you store your login credentials on your device. They’re never sent to the site you’re logging in to. This means hackers can’t steal them off a server or intercept them in transit. You are more in control of your own credentials because they’re literally in your hands.
Passkeys like Carolina Key are virtually impervious to phishing attacks. Phishers try to steal passwords, but when we use passwordless logins and passkeys, there are no passwords to steal. We shut out hackers because our devices are our logins.
And going above and beyond, Carolina Key keeps your login data private. If you’re concerned about logging into UNC systems using a fingerprint or facial recognition — you can rest easy. Your biometric data is stored in your device and never transmitted to UNC. In fact, your device just tells Carolina Key that you’ve authenticated — it doesn’t even share what method you used.
If using your personal device makes you nervous, you still have options. If you have a University-issued laptop, you can register it with Carolina Key. Or you can register a physical security key that supports the fast identity online protocol, or FIDO2, like a YubiKey.
3. Registering is quick
It just takes a few minutes to register your device and then you’re on your way to fast and secure passwordless logins.
Windows, Mac, Linux, Apple, Android — they all work. Just keep in mind that your authentication method options will vary by device and web browser. You can learn more about which methods Carolina Key supports per operating system and compare which methods are available on your device. For example, Carolina Key supports fingerprint scanning for iOS devices, but newer iPhones don’t have fingerprint sensors. So, fingerprint recognition may not be available for your iPhone, but may be available if you have an iPad.
And even better, if you’re using devices in the same ecosystem, they can all sync without you having to register each one. So, if you have a Mac laptop, an iPhone and an iPad, you’ll register once and be able to use each device as one of your Carolina Keys. Using a Mac laptop and an Android phone or a Windows machine and an iPhone? No problem — register each one.
Have more questions about Carolina Key? Visit the Carolina Key website or contact the ITS Service Desk using the Help Portal. You can learn more about the ins and outs of passkeys in a past ITS News article, A future without passwords: Part I.