MToken FAQ

MTokens serve as the second factor in two-factor authentication. Two-factor authentication is comprised of something you know (your UMICH password) and something you have (your MToken).

There are two kinds of MTokens—a physical device known as a hardware MToken, and a software application called a software MToken.

• A hardware MToken is a small device that can fit on a key ring that displays a new six-digit tokencode once every minute.
• A software MToken is a software application stored on a mobile device (iOS, Android, Blackberry, or Windows) or a computer (Windows or Mac) that displays a new eight-digit tokencode once every minute. The numbers will change regardless of whether the device is connected to the Internet.

A tokencode is the six- or eight-digit number displayed on an MToken. It can be used only once and must be typed into the U-M Weblogin page with your uniqname and UMICH password (called Level-1 password at the U-M Health System) when logging into systems that require it. A tokencode displays for 60 seconds. You can see how much longer the tokencode will display by counting the number of bars to its left. Each bar displays for 10 seconds and then disappears. Some software MTokens display a numerical countdown of seconds remaining.

• Hardware MTokens. If you have access to a system that requires two-factor authentication, you can obtain a hardwaren MToken at an MToken Distribution Center. You need to provide your Mcard to obtain your MToken.
• Software MTokens. You can obtain a software MToken by following the instructions in Obtaining, Activating, and Using Your MToken (S4394).

View the MToken Help Desk and Distribution Center Web page for locations and hours of operation.

No, you cannot use anyone else's MToken. Your MToken is assigned to you and will work only with your uniqname and UMICH password (called Level-1 password at the U-M Health System).

• You can activate your hardware MToken online by following these steps.
  
  Important: Do not initiate the activation process until you have an MToken.
• You can activate your software MToken online by following these steps.

An MToken must be used when logging in to a system that requires two-factor authentication. You must enter the tokencode displayed on your MToken each time you log in to any of these systems.

Faculty, lecturers, and graduate student instructors who have active appointments, as well as M-Reports users in select job families, are not required to use an MToken. They must check the I don't have an MToken checkbox each time they log in.

Exception: Faculty and instructional staff who have an MToken are required to enter a tokencode each time they log into any MToken-enabled system. To remove the MToken requirement for faculty in this situation, contact the ITS Service Center.

Instructional staff with access to Faculty Business in Wolverine Access must check the I don't have an MToken checkbox each time they log in to Faculty Business. The checkbox is used only by instructional staff who are exempt from MToken restrictions.

If you have not enrolled in MToken security questions, or did so prior to November 8, 2014, please contact the ITS Service Center during business hours in order to obtain an emergency code. You will be able to get an emergency access code on the web if you enrolled in MToken security questions after November 8, 2014. For instructions, please see Emergency Access If You Forget Your MToken.

Exception: Emergency access codes cannot be used to access the MiChart Electronic Prescribing for Controlled Substances (EPCS) system used at the U-M Health System (UMHS). EPCS users can contact the Medical Center Information Technology (MCIT) Service Desk at (734) 936-8000 for assistance.

If you have lost your MToken (or the device on which you stored your software MToken), you will need to take certain steps to ensure the security of sensitive institutional data. Please see If You Lose Your MToken for more details. Your lost, broken, or expired MToken can be replaced at any MToken Distribution Center. See Replacing Your MToken for guidance on how to replace software MTokens and activate replacement hardware MTokens.

Yes, with very few exceptions. MTokens may not be transported or sent to embargoed nations identified by the federal government, pursuant to federal export control regulations.

• The following nations are on the embargoed list as of December 2014:
  • Cuba
  • Iran
  • North Korea
  • Sudan
  • Syria
• For general questions about export control regulations, see the ORSP FAQ.
• If you have specific questions or need additional information, please contact the Office of Research and Sponsored Projects (ORSP) at umresearch@umich.edu or 734-764-5500 and ask to be connected with the Export Compliance Officer.

The following list will help you identify the problem:

• Test your MToken to see if it is working correctly
  Go to the MToken Service Center website, and click the Test MToken. Follow the step-by-step process to see if your MToken is operating correctly. If it is not, contact the ITS Service Center.

  Note: The MToken Service Center website is only accessible from a U-M network. If you are connecting from a non-university network, turn on the appropriate Virtual Private Network (VPN) for your campus (U-M VPN-Ann Arbor, UMHS VPN, UM-Dearborn VPN, or UM-Flint VPN).

• You may have entered the same tokencode more than once
  A tokencode changes every 60 seconds and can be used only once. You must use a different tokencode every time you log into a system that requires two-factor authentication. Refresh the page, wait for the numbers to change, and try again.
• You may not have access
  You must request and be granted access to the appropriate systems using the Online Access Request System (OARS) before you will be able to log in. Once you have access, your MToken should permit you to log in.
• Your MToken account may be locked
  Contact the ITS Service Center to have your MToken user account unlocked.
• Your MToken may be expired or broken
  MTokens work for about five years and then they must be replaced. If your MToken no longer displays a tokencode, it is either broken or expired. Check the expiration date.
  • For hardware MTokens, the expiration date is visible on the back of your MToken, just above the serial number.
  • For software MTokens, look for token information or an i icon.
  To replace an MToken, see Replacing Your MToken in Obtaining, Activating, and Using an MToken (S4394).

If your job role changes or if your department has MTokens from staff who are no longer at the university, the unneeded MTokens should be returned. There are several ways to return MTokens that are no longer in use. See Return or Delete Your Unneeded MToken for more.