Skip to main content

IdentiKey Password Reset

January 24, 2022: Due to a recent IT security incident, OIT is taking several steps to enhance our IT security and, as part of that, we are asking you to:

change password in IdentiKey Manager visual

Step 1

Change your personal IdentiKey password.

change secondary account password in IdentiKey Manager visual

Step 2

Check to see if you own any secondary accounts, and if so, change your secondary account IdentiKey password(s).

change password in other applications visual

Step 3

Update your IdentiKey password(s) in all of your CU Boulder apps.

If you do not change your password(s) in the coming days, your password(s) will be reset for you, and you will not be able to log into CU Boulder online systems.

Creating strong passwords is crucial for keeping your devices and data safe. Most CU Boulder community members can change their IdentiKey passwords in CU Boulder’s IdentiKey Manager without seeking additional assistance. If you’re unsure of your password or security questions, follow the Activate My IdentiKey instructions to change your password and reset those questions. Visit our Troubleshooting FAQ for help with common error messages, what to do if you're locked out, and more.

Change your current password 

  1. Go to identikey.colorado.edu
  2. Click Change my Password
  3. Log in with your CU Login Name and current IdentiKey password. You may be prompted by Duo if you are enrolled in multi-factor authentication. 
  4. If it’s been a considerable amount of time since you changed your password, you may be prompted to Activate Your IdentiKey and set new security questions.
  5. Set a new password following the requirements listed on IdentiKey Manager.
  6. A message confirming your password has been changed will appear.
  7. Change the passwords for any secondary accounts you own.

Full Change Your Password instructions.

 

 

Forgot my password 

  1. Go to identikey.colorado.edu
  2. Click Forgot my Password
  3. Enter your CU Login Name. If it’s been a considerable amount of time since you changed your password, you may be prompted to Activate My IdentiKey and set new security questions. 
  4. Answer 3 security questions you previously set up. You will have three chances to answer correctly before being locked out. If you don’t remember your security answers, exit and Activate My IdentiKey.
  5. Set a new password following the requirements listed on IdentiKey Manager.
  6. A message confirming your password has been changed will appear. 
  7. Change the passwords for any secondary accounts you own.

Full Forgot My password instructions.

 

 

Activate my IdentiKey 

  1. Go to identikey.colorado.edu
  2. Click Activate My IdentiKey
  3. Select your affiliation.
  4. Enter your personal information. Watch the video at right or visit the Activate My IdentiKey tutorial for how to find your Student ID or Employee ID.
  5. Accept the Computer Usage policy.
  6. Set up at least 3 security questions for your account.
  7. Set a new password following the requirements listed on IdentiKey Manager.
  8. A message confirming your password has been changed will appear. 
  9. Change the passwords for any secondary accounts you own.

Full Activate My Identikey instructions.

 

 

Secondary Accounts

  1. Go to identikey.colorado.edu
  2. Click Activate and Manage my Secondary Accounts
  3. Log in with your personal IdentiKey Login Name and password. You may be prompted by Duo if you are enrolled in multi-factor authentication.
  4. Select the account you'd like to change the password for from the drop-down menu.
  5. Enter a password meeting requirements listed on the page.
  6. A message confirming your secondary account password was set will appear.
  7. Click the Reset or Close button to change another Secondary account password, or sign out.

Full Activate and Manage Your Secondary Account instructions.

 

 

Password change tips
  • Changing your password may take time to update in all of the systems that utilize IdentiKeys. Keep track of your previous password in case you can’t log in with the new password right away.
  • If you have multi-factor authentication set up for Office 365 or if you use DUO Multi-factor authentication, those systems will likely prompt you to authenticate shortly after you update your password.
  • To keep track of and generate strong passwords, OIT recommends using a password manager
Once Your Password Has Been Changed
  • After you change your password it may take additional time to log into each service where you use your IdentiKey, especially if you are off-campus. Provide yourself a little extra time before class or a meeting to ensure you have time to access everything you need.
  • Only use your IdentiKey password for IdentiKey authenticated applications. Do not re-use your IdentiKey password for other websites like your bank account or your personal email.

IdentiKey Passwords Reset by OIT

If you missed the deadline to change your IdentiKey password, your password has been reset by OIT. Change your password in IdentiKey Manager following the Forgot my password or Activate My IdentiKey instructions. If you’re unable to use IdentiKey Manager to update your password, contact the IT Service Center.

IdentiKey Lockout Precaution

Please be aware of the lockout precautions in place for CU Boulder services if you enter your IdentiKey password wrong:

  • If you’ve been locked out because you forgot your security questions in IdentiKey Manager, you must call the IT Service Center to be unlocked.
  • After five unsuccessful IdentiKey login attempts in CU Boulder services (e.g. Canvas, Office 365, Google Workspace, eduroam), your IdentiKey will be locked out. Wait five minutes, review our Troubleshooting FAQ, or change your password.

If you have configured an application or device to automatically log you in and those credentials have changed, your account may become locked out. For help, contact the IT Service Center.

General FAQ

Why do I need to change my password? 

Following a recent IT security incident, OIT partnered with a third party IT security firm who provided recommendations regarding strengthening our IT security posture for the campus. Historically, we have not asked the campus to change passwords regularly given the character length. This is now changing. Moving forward, we will be asking the campus to change their passwords on an annual basis. Review CU Boulder’s Account Activation and Termination Policy.

What password(s) do I need to change?

All members of the CU Boulder community will need to change their personal IdentiKey password. For most CU Boulder community members, this is their only IdentiKey password.

Some CU Boulder community members also own secondary accounts (sometimes known as group accounts). These are generally used for email accounts that multiple individuals in a department or club check (e.g. oitfeedback@colorado.edu), by IT administrators, and in some cases by student employees who need to keep their work email separate from their student email. Follow the Activate and Manage Your Secondary Account instructions to see if you own any of these accounts. The passwords for these accounts will also need to be updated at the same time you update your personal password.

What happens if I don't change my password(s)?

Your password(s) for your personal IdentiKey and any secondary accounts you own will be reset to a randomly generated string of letters, numbers, and symbols, and you will be unable to access anything requiring IdentiKey credentials until you change your password.

If this happens, follow the steps in OIT’s Forgot My IdentiKey Password or Activate My IdentiKey tutorials.

Why do I have to activate my IdentiKey password if I’ve already done that?

There are a couple of reasons why you may have to go through the activation process. First, if it’s been a considerable amount of time since you last changed your password you will be prompted to activate it again to set new security questions. 

Second, if you have forgotten your password and you’ve forgotten the answers to your security questions you should go through the Activate Your IdentiKey process to set new security questions and answers so that you don’t get locked out of your account.

What impacts should I expect from changing my password?

You will need to log in with your new password to all websites and applications where your IdentiKey password may be stored, or for accounts that stay logged in. If enrolled in MFA for Office 365, you will be prompted to authenticate after changing your password when you use Outlook, Teams, etc. If your new password doesn’t work right after the change, try your old password.

My computer is managed by Dedicated Desktop Support (DDS). What should I expect to happen after I change my IdentiKey password?

For Windows, your PC will need to be connected to the campus network for it to accept the new password. If you are unable to log into your PC using the new password, you will need to log in with your old password and connect to the campus network (either directly from on-campus or via the VPN) for a couple of hours. If you are on campus, connected to the VPN, or your PC has received the new Always On VPN policy, your new password should work fine when logging in.

All DDS-managed Macs are managed by a tool called JAMF. If you are unable to log into your Mac with your new password, please log in using your old password and connect to the campus network (either directly from on-campus or via the VPN) for a couple of hours. For Macs not bound to the Active Directory, once the computer checks in with JAMF, you will be prompted to change your password.

If you still are unable to log into your computer with your new password, please submit a support case through the DDS Service Request Portal for assistance from your DDS technician or contact the IT Service Center.

Should I change other passwords I use for CU-related services and applications?

If you re-used your IdentiKey password(s) for other services or applications, whether for CU applications or elsewhere, OIT highly recommends changing those immediately.

How do I come up with a strong password?

OIT has requirements to ensure a strong password, which are listed on the IdentiKey Manager website when you go to change your password.

Follow OIS best practices for creating a strong password and consider using a password manager to keep track of and generate strong passwords.

Troubleshooting FAQ

Help! I’ve been locked out of my account. What should I do?

Review the Lockout Precaution section above and then follow the Forgot My Password or Activate my IdentiKey steps. Visit the IdentiKey Manager - Known Issues page for assistance with errors, or call the IT Service Center at 303-735-4357.

When I try to change my password, I’m prompted by Duo to authenticate.

Using Duo multi-factor authentication is required for OIT system administrators and others who have privileged access and are connecting from off-campus to critical systems. To learn more and troubleshoot if you have problems authenticating, visit the Duo Multi-Factor Authentication page.

I'm trying to activate my IdentiKey but I don't know my Employee ID or Student ID number. How can I find that?

Employee ID

  • If you know your existing password, you can log into the mycuinfo portal and open My info and pay. Your 6-digit employee ID is listed directly on the My Info tile.
  • If you don't know your current password or it's been reset, you can get your employee ID from your Departmental HR Liaison or contact Human Resources at hrmail@colorado.edu or 303-492-6475. If they are closed, please call the IT Service Center at 303-735-4357.

Student ID

  • If you know your existing password, you can log in to Buff Portal and look under your profile information for your 9-digit ID. 
  • If you don't know your current password or it's been reset, try using OIT's Recover Student ID tool. If that tool cannot recover your information, please call the IT Service Center at 303-735-4357.
I got an error when trying to set my password, what should I do?

Listed below are some common errors you may encounter when changing your password or creating security questions. If you get an error that’s not on this list or the IdentiKey Manager - Known Issues page, sign out of IdentiKey Manager or close your browser and try again. If the error persists, try to take a screenshot and contact the IT Service Center.

  • gettoken: Click sign out or close your browser and try again to resolve this error.
  • iam-3030006;password policy failed: Ensure your password meets requirements listed and does not include common dictionary words (e.g. "buffalo" and "colorado").
  • You must answer 3 of the security questions: Using the same answer for more than one question may result in this error. Check that none of your answers are the same and try again.
  • Bad Request: Likely due to a lockout. Lockouts occur after 3 failed attempts logging in or answering security questions. Contact the IT Service Center to unlock your account. 
  • Internal Server Error: Try using only english alphanumeric characters in your security question answers, and if possible one word answers. After getting the error once, try answering different questions or log out and attempt using a different browser. 
  • Unknown error: error - Internal Server Error: Exit IdentiKey Manager and try again without clicking between Password and Confirm Password fields.
  • Invalid characters: Make sure you’re not using disallowed characters in your password, and try to use only alphanumeric characters in your security questions.
  • Credentials Entered Found No User: This may appear during the activation process if entered User Information (e.g. last four digits of SSN) does not match what is in our system. Make sure you are entering the correct information or check your email for a message with your PIN if you don't have a SSN. If this error won’t go away, call the IT Service Center.

For more explanation of these and additional errors, visit the IdentiKey Manager - Known Issues page.

I changed my password but I can't log in to other services.

When changing a password in IdentiKey Manager, it may take up to 30 minutes for the password to sync to other CU Boulder applications that use IdentiKey credentials. If you try to log in right away to an application (e.g. Office 365), your new password may not work.

Try using your old password if you need to immediately log in, or wait 10-30 minutes and try logging in again. You may also need to use your old password for a short time to log in to your computer if you are supported by DDS. If it still isn't working after waiting, you can try changing your password again, or contact the IT Service Center. 

I keep getting locked out of email and other services, especially while on campus. What should I do?

A very common issue after updating a password in IdentiKey Manager is getting locked out of other services. This is usually caused either by password autofill programs or the eduroam secure wireless service

  • Password autofill: If you save passwords in a browser like Chrome, it may be that the password did not update when you changed it in IdentiKey Manager. First, check your browser or password manager settings to make sure any autofill passwords have been removed or updated.
  • Eduroam: Eduroam credentials are often stored locally on devices, so changing your IdentiKey password using IdentiKey Manager will often cause an eduroam authentication failure. Because of how the service operates, eduroam will then continue trying to connect, and often users hit the threshold for OIT's lockout precaution without realizing the cause.
    The most reliable method for correcting this authentication issue is to repeat the onboarding process. Visit the eduroam service page to learn how to re-enroll your device, or try switching to UCB Wireless.

Secondary Account FAQ

I own a secondary account that I should no longer own and should be owned by someone else. What should I do?

If you know who the account owner should be transferred to, email oithelp@colorado.edu and request that the account be transferred to that individual. Make sure to copy the individual you are requesting the account to be transferred to in your email and provide the individual’s first and last name and the department in which they are rostered. The password should then be changed by the new owner of the account.

If you do not know who the account owner should be transferred to, contact the group that the account was created for and obtain the name of the individual to whom the account should be transferred. You can then email oithelp@colorado.edu and request that the account be transferred to that individual. Make sure to copy the individual you are requesting the account to be transferred to in your email and provide the individual’s first and last name and the department in which they are rostered. The password should then be changed by the new owner of the account.

I own a secondary account that can be disabled, as it is no longer in use. What should I do?

Email oithelp@colorado.edu and request that the account be disabled. Make sure to provide the exact name of the account as it is listed in your list of secondary accounts in your IdentiKey Manager.

I own a secondary account that I don’t recognize. What should I do?

Email oithelp@colorado.edu and provide the exact name of the account as it is listed in your list of secondary accounts in your IdentiKey Manager.