MIT Registrar Logo
Online Registration Help > Frequently Asked Questions > Touchstone

Online Registration Help

Frequently Asked Questions



What is Touchstone?
Touchstone is a gateway which authenticates the identity of the user via an MIT Digital Certificate or Kerberos credentials.  Using MIT Digital Certificates is the preferred method of authentication, but is dependent upon saving information to the physical machine.  By providing the option of using Kerberos credentials, users can sign into an application without installing a Digital Certificate onto a machine.

How do I use Touchstone?
When you log into, you will be prompted to select an account provider.  Always select “MIT Kerberos account (or MIT web certificate)”.  If you do not have an MIT Kerberos account, contact IS&T.  NOTE: It is suggested that you ignore the two boxes below the account provider window as checking either box could affect later attempts to access the application.

After clicking “continue”, the user can choose to use an MIT Digital Certificate or Kerberos credentials.

Which account provider should I choose?
All users of this application should choose “MIT Kerberos account (or MIT web certificate)”.

Why doesn't Touchstone give me the option of using my certificate or kerberos credentials?

When Touchstone is used for the first time, you are given the option of clicking "Always login with this" for the MIT certificate and Kerberos tickets methods. Clicking this will bypass the authentication option page in future visits. To reset this setting, visit and select "Always ask for username/password". Future visits to Touchstone will provide the option to choose one of the three authentication methods.

I inadvertently clicked the “Remember selection permanently, skip this page from now on” option and now I cannot get back to the Touchstone page.  What do I do?
If you would like to change the account provider, visit .  Choose “MIT Kerberos account (or MIT web certificate)” and click “save”.  A user who removes the preference in this way should be prompted again to select an account provider when subsequently authenticating to the application.