MToken Security Best Practices
The use of two-factor authentication (MToken) enhances the security of U-M electronic resources and reduces the risk that sensitive institutional data stored in university systems will be compromised. Follow these best practices to protect your MToken and use it securely.
- Do not begin the MToken activation process until you have an MToken.
- Do not leave your MToken where others can get it. If someone learns your UMICH password (called Level-1 password at the U-M Health System) and also has your MToken, they can log in as you on any system to which you have access.
- Engage in safe computing practices. Lock your computer, log out, or close your browser when you are away from your desk. Visit Protect Personal Devices & Data to learn how to configure your laptop and mobile devices for best security.
- A tokencode will display on your MToken for 60 seconds. You can see how much longer the tokencode will display by counting the number of bars to the left of the number. Each bar displays for 10 seconds and then disappears.
- Incorporate distributing and retrieving MTokens into your department's new staff orientation and exit interview processes.
- If you lose your MToken, follow the appropriate procedures to report the loss and get a replacement.
- Do not take your MToken with you when you travel to an embargoed country, pursuant to federal export control regulations. See Mobile Device Security When Traveling or Conducting Field Research for details.