Two-Factor Tips and Best Practices

The use of Two-Factor Authentication enhances the security of U-M electronic resources and reduces the risk that business and personal information stored in administrative systems will be compromised.

As a user of these systems, you can take steps within your own unit or department to ensure that the information to which you have access is protected:

• Engage in safe computing practices every day. Lock your computer, log out, or close your browser when you are away from your desk. Visit IT Security Tools and Tips to learn how to keep private personal information safe.
• Do not initiate the MToken activation process until you have an MToken.
• Do not share your MToken with another person, because it is linked to your uniqname (User ID) and UMICH (Kerberos) password.
• Do not leave your MToken where others can access it. If someone learns your UMICH (Kerberos) password and also has your MToken, they can log in as you on any system to which you have access.
• A tokencode will display on your MToken for sixty seconds. You can determine how much longer the tokencode will display by counting the number of bars to the left of the number. Each bar displays for 10 seconds and then disappears.
• The MToken is not a flash drive storage device. Please do not plug it into the USB port on your computer. This function may be used in the future as additional security is added to Two-Factor Authentication.
• Incorporate distributing and retrieving MTokens into your unit's New Staff Orientation and Exit Interview processes. View sample processes.