Two-Factor Authentication - MToken | MAIS | Michigan Administrative Information Services



	SEARCH/BROWSE CONTACT US U-M HOME

System Access

Reports

Projects

Security

Consulting & Onsite Support

Help

Training

Groups & Communications

Upgrades

M-Pathways Systems

Document Imaging

Two-Factor Authentication / MToken

MToken Service Center (MTSC)

About Two-Factor Authentication & MTokens

Help Desks-Distribution Centers

FAQ

Obtaining an MToken

MToken Administrator Support

Development/Alumni Systems

eResearch

Wolverine Access

My LINC/MAIS LINC

System Information

About MAIS

MAIS Spirit of Excellence Award

MAIS Strategic Planning

MAIS Home

Two-Factor Authentication & MToken

MToken FAQ

I have questions. Where can I get answers?
Why does the University distribute MTokens?
Which administrative systems require that I use an MToken?
I don't use any of the systems that require Two-Factor Authentication. How does this impact me?
Who must have an MToken?
I’m a faculty member, a lecturer, or graduate student instructor. Do I need an MToken? How can I get one?
On the Weblogin page, do I need to check the box that says "I don't have an MToken?"
How do I get my MToken?
How do I activate my new MToken?
What is a tokencode?
My tokencode isn’t working. The Login Screen won’t accept my tokencode. What could be wrong?
I'm a new administrative system user. Where can I get an MToken?
I received an MToken for a staff member who has left the University. How can I return the MToken to you?
Can I borrow my coworker's MToken?
I lost my MToken. Where can I get another one?
I can't find my MToken. I left it at home (or work) and I need to log in. What can I do?
When are the MToken Distribution Centers open?

I have questions. Where can I get answers?
If, after reviewing this FAQ, you still have additional questions, please contact one of the MToken Help Desks & Distribution Centers, or send e-mail to mais.twofactorquestions@umich.edu.

Why does the University distribute MTokens?
The University does much of its business on the Web, which has advantages in terms of working efficiently. However, it also increases the risk that personal and institutional information can be compromised inadvertently, misused intentionally, or even stolen outright. It is everyone's responsibility to take steps that will protect personal information collected and stored for business purposes in administrative and departmental data systems.

Using the MToken to provide a second form of authentication, commonly referred to as Two-Factor Authentication, reduces the risk that information can be easily compromised. Individuals with access to the personal information of others in Web-based administrative and business systems need to take action to protect this information. The MToken displays a one-time tokencode (a six-digit number that changes every 60 seconds) that, when combined with your user ID (uniqname) and reusable password (UMICH Kerberos password), provides for strong authentication.

University leadership believes it is critical for everyone using the U-M computing environment to make an effort to protect the private personal information of our faculty, staff, and students that is collected and stored in the University's electronic resources. Higher education institutions have become primary targets of many hackers and identity thieves, and University IT departments are using various technologies to try to protect your data and the data of the entire University community. Using an MToken for Two-Factor Authentication is a way for individuals with access to others' personal information to help protect those resources.

Which administrative systems require that I use an MToken?
M-Pathways systems (Student Administration & Human Resource Management and Financials & Physical Resources) and the U-M Data Warehouse via BusinessObjects are Two-Factor Authentication-enabled. To successfully log in to these systems, administrative users are required to have an MToken. They must enter the tokencode displayed on their MToken each time they log in.

Faculty Business is also Two-Factor Authentication-enabled. Faculty, lecturers, and graduate student instructors who only use functionality like photo class rosters, grade rosters, and Web grades on Wolverine Access and who do not have another M-Pathways role that requires use of an MToken, must turn on the "I don't have an MToken" checkbox each time they log in. Faculty Business users who have access to other systems that require use of an MToken (e.g., M-Pathways) must enter the tokencode displayed on their MToken each time they log in.

The administrative mainframe, which contains the Development/Alumni Constituency (DAC) system, also requires Two-Factor Authentication.

All other U-M Web-based systems (e.g., Student Business, Employee Business) currently require that you log in with your uniqname (User ID) and UMICH (Kerberos) password. Individual units can choose to implement Two-Factor Authentication on their internal networks and systems.

Most other U-M Web-based systems will accept Two-Factor Authentication, and for security reasons, it is recommended that when you have an MToken, you always enter a tokencode when you authenticate.

I don't use any of the systems that require Two-Factor Authentication. How does this impact me?
Most U-M online systems do not require Two-Factor Authentication at this time, so you do not need an MToken. You can ignore the MToken information on the Weblogin page; you do not need to check the box that reads I don't have an MToken; and you do not need to enter a tokencode.

Who must have an MToken?

Currently, users of M-Pathways systems (Student Administration & Human Resource Management and M-Pathways Financials & Physical Resources) and users who access the U-M Data Warehouse via BusinessObjects are required to have an MToken to access these systems. They must enter the tokencode displayed on their MToken each time they log in and cannot use the "I don't have an Token" checkbox on the Weblogin page.

Faculty, lecturers, and graduate student instructors are encouraged but are not required to use an MToken to access functionality in Faculty Business on Wolverine Access.

If they only use functionality in Faculty Business(photo class rosters, grade rosters, web grades, etc.) and do not have other access (e.g., M-Pathways) that requires use of an MToken, they must turn on the "I don't have an MToken" checkbox on the Weblogin page each time they log in.

Faculty Business users who have access to other systems that require use of an MToken (e.g., M-Pathways) must enter the tokencode displayed on their MToken each time they log in.

U-M departments can choose to use Two-Factor Authentication to secure their systems and networks. In those cases, the departments implementing Two-Factor Authentication will distribute MTokens to appropriate staff.

Individuals with an MToken can use it to log into any system accepting Two-Factor Authentication when they have the appropriate access.

I’m a faculty member, a lecturer, or graduate student instructor. Do I need an MToken? How can I get one?
The University encourages instructional staff to use an MToken for Two-Factor Authentication. Protecting students' private personal information is vitally important to the mission of the University. Two-Factor Authentication provides a stronger authentication method than the traditional single-factor method, which requires just a password. Using it to authenticate enhances the security for U-M Web-based electronic resources and reduces the risk that business or personal information stored in administrative systems will be compromised.

You are not required to use an MToken when you access Faculty Business for class rosters, grade rosters, Web grades and other functionality. However, you must turn on the "I don't have an MToken" checkbox each time you log in to Faculty Buisness.

Faculty, lecturers, or graduate student instructors who have access to other systems that require use of an MToken (e.g., M-Pathways) must have an MToken and must enter the tokencode displayed on their MToken each time they log in.

If you choose to use an MToken, you can get one by visiting one of the MToken Distribution Centers. Support staff can also pick-up an MToken for faculty.

On the Weblogin page, do I need to check the box that says " I don't have an MToken?"
Although an MToken is not required for access to Faculty Business, instructional staff with access to Faculty Business functionality (e.g., class rosters, grade rosters, Web grades) must turn on the "I don't have an MToken" checkbox each time they log in.

All others (e.g., students, employees who only use Employee Business,etc.) should ignore the MToken information.

How do I get my MToken?

If you have access to a system that requires Two-Factor Authentication, you can obtain an MToken at an MToken Distribution Center. You need to provide your MCard to obtain your MToken.

Faculty, lecturers, and graduate student instructors who choose to use an MToken can get one from an MToken Distribution Center. Support staff can also pick up an MToken for faculty.

Important: Do not initiate the activation process until you have an MToken.

How do I activate my new MToken?
Activating an MToken is an easy process that takes only a few minutes to complete. A procedure for activating your MToken is available, and the MTSC Tour demonstrates how to activate your MToken.

Important: Do not initiate the activation process until you have an MToken.

You should complete the Q & A Authentication Questionnaire immediately after activating your MToken. Your answers to the questions will be used to validate your identity and will enable you to request a temporary static tokencode from the MToken Service Center Web site. The Request an Emergency Tokencode Tour describes how to request a temporary tokencode for emergency access.

What is a tokencode?
A tokencode is the six-digit number displayed on an MToken. It can be used only once and must be typed into the Weblogin page with your uniqname (User ID) and UMICH (Kerberos) password.

My tokencode isn’t working. The Login Screen won’t accept my tokencode. What could be wrong?
The following list will help you identify the problem:

You may have entered the same tokencode more than once. A tokencode changes every 60 seconds and can be used only once. You must use a different tokencode every time you log into a system that requires Two-Factor Authentication.
You may have locked your MToken.
Contact an MToken administrator for assistance.
You can test your MToken to see if it is working correctly.
Go to the MToken Service Center, and click the Test Your MToken link. Follow the step-by-step process to see if your MToken is operating correctly. If it is not, contact an MToken administrator.
Your MToken may be expired or broken.
MTokens work for about five years, and then they must be replaced. If your MToken no longer displays a tokencode, it is either broken or expired. You can return your broken or expired MToken and receive a new one at an MToken Distribution Center.

I am a new administrative system user. Where can I get an MToken?
You can obtain an MToken at one of the MToken Distribution Centers on your campus.

I have an MToken that belonged to a staff member who has left the University. How can I return the MToken to you?
There are several ways to return MTokens for staff who are no longer at the University:

Return the MToken to MAIS Access Services, 2019 Administrative Services Bldg, Campus Zip 1432.
Return the MToken to any MToken Distribution Center.
Place the MToken in its original packaging and drop it in any campus mailbox.

Can I borrow my coworker's MToken?
You cannot use anyone else's MToken. Your MToken is assigned to you and will work only with your uniqname and password.

I lost my MToken. Where can I get another one?
You can replace your lost, broken, or expired MToken at any MToken Distribution Center. If you have lost or broken your MToken, there may be a replacement charge.

I can't find my MToken. I left it at home (or work) and I need to log in. What can I do?
If you need to work in an administrative system that requires you to use an MToken and you don't have it with you, you can request a temporary static tokencode. A temporary static tokencode can be used repeatedly to log into an administrative system that requires a tokencode until 9:00 a.m. the morning following your request.

To request a temporary static tokencode via the Web, you must have completed the Q & A Authentication Questionnaire. Take time to answer the three questions when you activate your MToken so this service will be available to you even if the Help Desks are closed. The answers to the questions will be used to validate your identity and will enable you to request a temporary static tokencode from the MToken Service Center Web site. The Q&A Setup Tour describes how to setup your Q&A for emergency access.
To request a temporary static tokencode from an MToken administrator, contact and MToken Help Desk or MToken Distribution Center during their regular business hours.

When are the MToken Distribution Centers open?

View the MToken Help Desk and Distribution Center Web page for locations and hours of operation.