MAIS University of Michigan Administrative Information Services
[] SEARCH/BROWSE CONTACT US U-M HOME
SERVICES

System Access

Reports

Projects

System Development Life Cycle

Project Management

Disaster Recovery/Business Continuity

Security

Consulting & Onsite Support

Help

Training

Groups & Communications

Upgrades

SYSTEMS

M-Pathways Systems

Document Imaging

Two-Factor Authentication / MToken

Development/Alumni Systems

eResearch

Wolverine Access

My LINC/MAIS LINC

System Information

About MAIS

MAIS Spirit of Excellence Award

MAIS Strategic Planning
MAIS Home Projects Two-Factor Authentication in M-Pathways Authentication Processes

Description of One- and Two-Factor Authentication Processes

On This Page:

Understanding Authentication

Authentication is the means used by a computer to identify a person or system. Authentication processes require people (or systems) to provide information to prove their identity. A two-factor authentication process collects two of the following three types of information:

  • Something you know, which is a shared secret between a computer and a person, such as a password or PIN.
  • Something you have, which is the possession of a physical token, such as an ATM card.
  • Something you are, which is biometric information generated for a person by digitizing measurements of a physical characteristic such as fingerprint, facial geometry, voice pattern, and retinal patterns. Because it is not practical for U-M administrative systems at this time, biometric authentication will not be addressed in this project.

One-Factor Authentication

One-factor authentication processes use one of these three types of information. Examples are the U-M Kerberos system, and the authentication process used on most Microsoft Windows desktops. Using the same type of information twice, such as requiring two passwords to log into a computer, is still one-factor authentication.

Two-Factor Authentication

An example of two-factor authentication is ATM cards and PINs. The user's PIN (something you know) and the user's ATM card (something you have) are both needed to access the ATM machine. For this project, two-factor authentication refers to the use of a password and a physical token together for authentication.

Overview of the MAIS Two-Factor Authentication Project

The Two-Factor Authentication Project will resolve the issues of a password-based, one-factor authentication process for administrative systems at the University of Michigan. U-M business managers, data stewards, and executive officers have assessed the integrity and confidentiality risks associated with University enterprise systems, and established an authentication direction for these systems.

This vision includes two-factor authentication, and MAIS has developed a business case for this work, which involves:

  • Research in various technical alternatives
  • Identification of scope of work
  • Identification of one-time and ongoing costs
  • Identification of benefits
  • High-level implementation plan

    Next section: Password Authentication Issues

MAIS
University of Michigan Administrative Information Services

Last modified October 17, 2005