MTokens serve as the second factor in two-factor authentication. Two-factor authentication is comprised of something you know (your UMICH password) and something you have (your MToken).
There are two kinds of MTokens—a physical device known as a hardware MToken, and a software application called a software MToken.
A tokencode is the six- or eight-digit number displayed on an MToken. It can be used only once and must be typed into the U-M Weblogin page with your uniqname and UMICH password (called Level-1 password at the U-M Health System) when logging into systems that require it. A tokencode displays for 60 seconds. You can see how much longer the tokencode will display by counting the number of bars to its left. Each bar displays for 10 seconds and then disappears. Some software MTokens display a numerical countdown of seconds remaining.
View the MToken Help Desk and Distribution Center Web page for locations and hours of operation.
No, you cannot use anyone else's MToken. Your MToken is assigned to you and will work only with your uniqname and UMICH password (called Level-1 password at the U-M Health System).
An MToken must be used when logging in to a system that requires two-factor authentication. You must enter the tokencode displayed on your MToken each time you log in to any of these systems.
Faculty, lecturers, and graduate student instructors who have active appointments, as well as M-Reports users in select job families, are not required to use an MToken. They must check the I don't have an MToken checkbox each time they log in.
Exception: Faculty and instructional staff who have an MToken are required to enter a tokencode each time they log into any MToken-enabled system. To remove the MToken requirement for faculty in this situation, contact the ITS Service Center.
Instructional staff with access to Faculty Business in Wolverine Access must check the I don't have an MToken checkbox each time they log in to Faculty Business. The checkbox is used only by instructional staff who are exempt from MToken restrictions.
If you have not enrolled in MToken security questions, or did so prior to November 8, 2014, please contact the ITS Service Center during business hours in order to obtain an emergency code. You will be able to get an emergency access code on the web if you enrolled in MToken security questions after November 8, 2014. For instructions, please see Emergency Access If You Forget Your MToken.
Exception: Emergency access codes cannot be used to access the MiChart Electronic Prescribing for Controlled Substances (EPCS) system used at the U-M Health System (UMHS). EPCS users can contact the Medical Center Information Technology (MCIT) Service Desk at (734) 936-8000 for assistance.
If you have lost your MToken (or the device on which you stored your software MToken), you will need to take certain steps to ensure the security of sensitive institutional data. Please see If You Lose Your MToken for more details. Your lost, broken, or expired MToken can be replaced at any MToken Distribution Center. See Replacing Your MToken for guidance on how to replace software MTokens and activate replacement hardware MTokens.
Yes, with very few exceptions. MTokens may not be transported or sent to embargoed nations identified by the federal government, pursuant to federal export control regulations.
The following list will help you identify the problem:
Note: The MToken Service Center website is only accessible from a U-M network. If you are connecting from a non-university network, turn on the appropriate Virtual Private Network (VPN) for your campus (U-M VPN-Ann Arbor, UMHS VPN, UM-Dearborn VPN, or UM-Flint VPN).
If your job role changes or if your department has MTokens from staff who are no longer at the university, the unneeded MTokens should be returned. There are several ways to return MTokens that are no longer in use. See Return or Delete Your Unneeded MToken for more.