Still Have Questions?

Try Our Quick Start Guide!

Phone (215) 662-7474

M-F 8:00-4:30

If you forget your PennKey password, you can reset it online if you have chosen to enroll in Challenge-Response.

Although the term Challenge-Response may be unfamiliar, you may have used similar methods to reset forgotten passwords on other web sites. A user is asked to answer personal questions. Later, if the user can answer the same questions correctly, information is given about how to reset a forgotten password.


There are two applications associated with Challenge-Response:

  1. The Enrollment Application is used to initially enroll in Challenge-Response, to change your Challenge-Response settings, or to cancel enrollment in Challenge-Response.
  2. The Password Reset Application is used to reset your password online if you forget it.

How the Challenge-Response Applications Work

Enrollment Application. Log in to the Challenge-Response Enrollment Application using your PennKey and Password to authenticate. Provide answers to three personal information questions. You may return to the enrollment application at any time to change your questions and answers or to cancel your enrollment.

Password Reset Application. If you forget your PennKey password, log in to the Challenge-Response Password Reset Application using the last 4 digits of your SSN, your date of birth, and your Penn ID to authenticate. When your three questions are displayed, confirm your identity by entering exactly the same answers you provided originally. You will then be linked directly to the PennKey Registration site to reset your password.

Should you forget your answers to the personal information questions, you can reset your password by using a PennKey Setup Code obtained from PennKey administration stations.

Should I Use Challenge-Response?

Challenge-Response is a good option

  • if you want the "anytime, anywhere" convenience of resetting your password online
  • if you travel frequently
  • if you think you are likely to forget your password

How Secure Is Challenge-Response?

PennKey Challenge-Response has been designed with an eye towards strong security:

  • It requires correct responses to three separate questions, rather than just one
  • It does not ask questions frequently posed on other sites (such as "What was your mother's maiden name?")
  • It does not request biographical data which could be easily obtained from other sources (such as "What city were you born in?")
  • Passwords are never transmitted as part of the Challenge-Response process, so they cannot be intercepted.

About Penn Medicine   Contact Us   Site Map   Privacy Statement   Legal Disclaimer   Terms of Use

Penn Medicine, Philadelphia, PA 800-789-PENN © 2017, The Trustees of the University of Pennsylvania