The use of two-factor authentication with MTokens enhances the security of U-M electronic resources and reduces the risk that sensitive institutional data stored in university systems will be compromised. Follow these best practices to protect your MToken and use it securely.
Do not begin the MToken activation process until you have an MToken.
Do not leave your MToken where others can get it. If someone learns your UMICH password (called Level-1 password at the U-M Health System) and also has your MToken, they can log in as you on any system to which you have access.
Engage in safe computing practices. Lock your computer, log out, or close your browser when you are away from your desk. Set a password, passcode, or pin for access to your device. Visit Protect Personal Devices & Data to learn how to configure your laptop and mobile devices for best security.
Incorporate distributing and retrieving MTokens into your department's new staff orientation and exit interview processes.
If you lose your MToken, follow the appropriate procedures to report the loss and get a replacement.
Do not take your MToken with you when you travel to an embargoed country, pursuant to federal export control regulations. See Mobile Device Security When Traveling or Conducting Field Research for details.