Modern options to replace MTokens beginning this summer


Data breaches, email scams and other threats to personal and institutional data are on the rise, and the University of Michigan is taking steps to increase the protection of this data by expanding the use of two-factor authentication.

Beginning this summer, MTokens — the university’s current two-factor authentication solution — will be replaced with new, more flexible options from Ann Arbor-based Duo Security.

more information
Drop-in sessions for extra help

The effort will start with current MToken holders — including those in the Health System and at the Flint and Dearborn campuses —  and expand to others later this year.

“The most powerful single thing that we can do to help protect both individuals and University of Michigan systems and data is to expand the use of two-factor authentication,” says Don Welch, chief information security officer.

Two-factor authentication is a second layer of security, keeping an individual’s account secure even if their password is compromised. It requires two proofs of identity when logging in:

• Something you know, such as a UMICH password.

• Something you have, such as a hardware token with passcodes or a mobile app.

On July 20, those who currently log in to MToken-protected systems will stop using their MToken and begin using Duo two-factor authentication instead. The change applies to systems in Wolverine Access, FLUX, DART and some departmental systems.

To maintain access to protected systems, current MToken holders must:

• Enroll in Duo options by July 20.

• Continue to use their MTokens until July 20.

• Begin using a Duo two-factor option in place of an MToken on July 20 or follow the log-in prompts to sign-up for Duo and gain access to the protected systems.

“The variety of log-in options offered by Duo is one of the primary benefits of this new solution,” says DePriest Dockins, project director and assistant director of identity and access management in Information and Technology Services.

Duo includes an app that pushes a notification to a smartphone or mobile device for approval when logging in to protected systems. Other Duo options include a phone call (using flip-phones or desk phones), passcodes via text message, or Duo hardware tokens.

Primary and secondary methods are recommended. Individuals may select the options they prefer, although departmental policy may preclude use of some options.

Later this year, individuals will be able to use Duo to further protect their personal information, such as W-2s and Direct Deposit forms, when logging in to self-service options in Wolverine Access.

New solutions for two-factor authentication.


Two-factor authentication options with Duo.



  1. Veronica Hall
    on June 8, 2016 at 8:10 am

    •Enroll in Duo options between before July 20. This statement is unclear.

    • Jamie Iseler
      on June 8, 2016 at 9:14 am

      Thanks for catching this discrepancy. It has been corrected to say current MToken holders should enroll in Duo by July 20.

  2. Wendy B
    on June 8, 2016 at 2:25 pm

    An announcement to all Token holders would be *EXTREMELY* helpful! As usual, communication is mediocre at best.

    • Jessica Rohr
      on June 14, 2016 at 12:39 pm

      Individuals who have a registered MToken with U-M can expect to receive email communications from either ITS, UMHS or their reporting unit. An announcement was sent to Ann Arbor campus MToken holders on June 2 and June 3 (did not include staff or faculty in UMHS, Athletics, Law, Shared Service Center, or Office of Development.) More email reminders are forthcoming.

  3. Beth L
    on June 10, 2016 at 9:12 am

    Will the DUO hardware be sent to all current MToken hardware users?

    • Jessica Rohr
      on June 14, 2016 at 12:40 pm

      No. Individuals may work with their primary reporting unit to determine which Duo option is appropriate for their needs.

Leave a comment

Commenting is closed for this article. Please read our comment guidelines for more information.