June 8, 2016
Topic: Information Technology
Data breaches, email scams and other threats to personal and institutional data are on the rise, and the University of Michigan is taking steps to increase the protection of this data by expanding the use of two-factor authentication.
Beginning this summer, MTokens — the university's current two-factor authentication solution — will be replaced with new, more flexible options from Ann Arbor-based Duo Security.
The effort will start with current MToken holders — including those in the Health System and at the Flint and Dearborn campuses — and expand to others later this year.
"The most powerful single thing that we can do to help protect both individuals and University of Michigan systems and data is to expand the use of two-factor authentication," says Don Welch, chief information security officer.
Two-factor authentication is a second layer of security, keeping an individual's account secure even if their password is compromised. It requires two proofs of identity when logging in:
• Something you know, such as a UMICH password.
• Something you have, such as a hardware token with passcodes or a mobile app.
On July 20, those who currently log in to MToken-protected systems will stop using their MToken and begin using Duo two-factor authentication instead. The change applies to systems in Wolverine Access, FLUX, DART and some departmental systems.
To maintain access to protected systems, current MToken holders must:
• Enroll in Duo options by July 20.
• Continue to use their MTokens until July 20.
• Begin using a Duo two-factor option in place of an MToken on July 20 or follow the log-in prompts to sign-up for Duo and gain access to the protected systems.
"The variety of log-in options offered by Duo is one of the primary benefits of this new solution," says DePriest Dockins, project director and assistant director of identity and access management in Information and Technology Services.
Duo includes an app that pushes a notification to a smartphone or mobile device for approval when logging in to protected systems. Other Duo options include a phone call (using flip-phones or desk phones), passcodes via text message, or Duo hardware tokens.
Primary and secondary methods are recommended. Individuals may select the options they prefer, although departmental policy may preclude use of some options.
Later this year, individuals will be able to use Duo to further protect their personal information, such as W-2s and Direct Deposit forms, when logging in to self-service options in Wolverine Access.
New solutions for two-factor authentication.
Two-factor authentication options with Duo.