MToken Security Best Practices
The use of two-factor authentication with MTokens enhances the security of U-M electronic resources and reduces the risk that sensitive institutional data stored in university systems will be compromised. Follow these best practices to protect your hardware or software MToken and use it securely.
- Do not begin the MToken activation process until you have either a hardware MToken, or have installed the RSA SecurID application for a software token on your device.
- Do not leave your MToken (either a hardware MToken or a device that is storing a software MToken) where others can get it. If someone learns your UMICH password (called Level-1 password at the U-M Health System) and also has your MToken, they can log in as you on any system to which you have access.
- Practice safe computing. Lock your computer, log out, or close your browser when you are away from your desk. Set a password, passcode, or pin for access to your devices. Visit Protect Personal Devices & Data to learn how to configure your laptop and mobile devices for best security.
- Incorporate distributing and retrieving MTokens into your department's new staff orientation and exit interview processes.
- If you lose your hardware MToken or the device on which your software MToken is stored, follow the appropriate procedures to report the loss and get a replacement.
- Do not take your MToken (hardware or software) with you when you travel to an embargoed country, pursuant to federal export control regulations. See Mobile Device Security When Traveling or Conducting Field Research for details.