U-M adopts two-factor authentication to safeguard information

The open nature of university networks and the large amount of personal information they store make them prime targets for identity theft and other information security threats—and U-M is no exception. Administrative systems at U-M are scanned by potential hackers 25,000 times a day, prompting Michigan Administrative Information Services (MAIS) to increase protection of personal information and business data by introducing a new authentication method this fall.

The six-digit numeric code displayed on the new MToken device changes every minute, and, when used with an existing U-M Kerberos password, will allow faculty and staff to access sensitive areas of the University's network. (Photo courtesy MAIS)

Two-factor authentication uses a password and a physical device to establish the identity of a user logging into a computer system. Traditionally, computer systems have relied solely on a password to control access to the system. Unfortunately, there are many ways for hackers to steal and misuse passwords. By adding a second factor to the login process, something that is far harder for a hacker to steal, security for the system is significantly improved. The changes will affect staff members who use the M-Pathways and Development systems.

Anyone who has used an Automated Teller Machine (ATM) has used a form of two-factor authentication. ATMs require the user to have both a PIN (password) and an ATM card to access the system. The password or the card by itself is not enough.

The second factor for authentication at the University will be called the MToken, a physical device that displays a six-digit numeric code that changes every 60 seconds. Users will log in using their traditional UMICH password along with the six-digit code.

The MToken features a Universal Service Bus (USB) adapter. At the present time, the USB adapter will not be used at U-M, but in the next several years, the University will implement other security technologies that will leverage the MToken USB adapter, adding improved security and flexibility. The USB adapter makes the MToken look like one of the common flash drives that are on the market today. The MToken is not a flash drive, though, and cannot be used for file storage. It is specifically designed to provide security services.

MTokens will be distributed this fall to approximately 10,000 members of University community. The systems that people can access and the type of access they have will determine who will receive tokens. MAIS will provide more information about MTokens to staff using systems that require them in the next several months.

More information about MTokens and Two-Factor Authentication can be found at www.mais.umich.edu/mtoken.