130 likes | 324 Views
University of Michigan Administrative Information Services. Two-Factor Authentication An Update. Linda Hancock Green August 2006. Two-Factor Authentication Project. Having a second “factor” for authentication improves security and helps protect University data resources
E N D
University of Michigan Administrative Information Services Two-Factor AuthenticationAn Update Linda Hancock Green August 2006
Two-Factor Authentication Project • Having a second “factor” for authentication improves security and helps protect University data resources • A reusable password plus a physical device greatly increases the security around authentication • Most common example: ATMs require that you have a reusable password (PIN) and a physical card in order to access your bank account • Two-Factor authentication is being more widely embraced by the banking and financial services industries (e.g. ETrade) • MAIS will be implementing Two-Factor Authentication for some systems this fall • We have used this in the past for the mainframe and UNIX access; now it will be extended to M-Pathways Unit Liaison Meetings
What is Two-Factor? Something you know (UMICH Kerberos Password) & Something you have (MToken) • A reusable password and a single-use tokencode Unit Liaison Meetings
New login Screen • Coming Sept. 16 Unit Liaison Meetings
MToken Rollout • Mid-September • MAIS, DAC, special groups and MToken support staff get MTokens; all others check the box • Early October • All Business & Finance units and many central offices • Mid-October • UMHS, Medical School & several VP areas • Early-November • Most Ann Arbor schools & colleges & remaining VP areas • Mid-November • Flint, Dearborn and rest of Ann Arbor campus Unit Liaison Meetings
Communication & Awareness • Week of August 14 • U Record article • Special e-mail to users • Distribution of posters (through Facilities Managers & ULs at Flint & Dearborn) • Information on the Web at www.mais.umich.edu/mtoken • Week of September 11 (New login screen coming. Check the box saying you don’t yet have your MToken until you receive one.) • MToken distribution (to each group) • E-mail (Watch for your MToken in campus mail.) • Postcard (Your MToken is coming in campus mail.) • MToken mailed to campus address (Instructions for activating MToken inside). Users have 7 business days to complete activation process! • E-mail (Only sent to users who have not yet activated their MToken—2 day notice: Deadline is approaching. Activate your MToken by deadline.) • E-mail (Only sent to users who have not activated their MToken by deadline—Here is your activation code. You must activate your MToken before you can log in again.) Unit Liaison Meetings
Checking the “box” at login • During rollout, until you have an MToken, you check the box. • After rollout, the process changes—if you have access, you must use an MToken to login. • Only special exceptions, like test IDs, will be allowed to check the box. Unit Liaison Meetings
Issues for UL attention • Accurate campus addresses • MAIS will pull list of users with “bad” addresses for your review • Clean up “bad” addresses for regular employees • Temps, contractors, consultants – we will need campus mailing addresses from you • Hospital staff with HCA address will be delivered through normal channels • MTokens will be sent USPS to other off-campus addresses • Complete M1 for terminated employees • Review September security report carefully Unit Liaison Meetings
Reviewing internal processes • Incorporate MTokens into your hiring process • MAIS will include information about getting an MToken in e-mail generated when M-1 is processed. • New employees can pick up an MToken when they get their Mcard (except in Flint—HR office will distribute, and Dearborn – ITS Accounts office will distribute) or from any MDC. • Incorporate MToken into your termination process • MToken goes with an employee who is transferring to a job/department where they will need system access. • Collect MTokens from employees leaving the University. • Return MTokens to MAIS or an MDC so it can be un-assigned and redistributed. • Think about how to manage access for RIFs, leaves, and other situations. Collect MTokens when appropriate. Unit Liaison Meetings
MToken Help Desks • MToken Help Desks can assist with problems authenticating with an MToken. • MAIS Help Desk (phone: 734-936-7000 and select option 1; e-mail: maishelpdesk@umich.edu) • Problems using the MToken Service Center (MTSC) Web site should go to the MAIS Help Desk. • ITCS Accounts Office (phone: 734-764-8000 and select option 3) • MCIT Help Desk (phone: 734-936-8000) for Hospital & Health Center staff only Unit Liaison Meetings
MToken Distribution Centers • MToken Distribution Centers (MDC) have MToken Administrators where you can: • Request an MToken (Identification and the reason why you need an MToken is required.) • Turn in broken tokens • Obtain a replacement cap for your MToken • The following offices are MDCs • Mcard Center, 1000 Student Activities Building: M-F, 8 a.m.-5 p.m. • Entrée Office, B430 Pierpont Commons: M-F, 8 a.m.-5 p.m. • Key & ID Office, C158 Med Inn (Hospital and Health Center staff only): M-F, 8 a.m.-5 p.m. • Employment Office, 250G Wolverine Tower: M-F, 8 a.m.-4:30 p.m. • MAIS, Access Services (go to main office in ASB) • ITCS Accounts Office, Arbor Lakes: M-F, 8 a.m.-4:30 p.m. • ITCS Accounts Office, Michigan Union: M-F, 8 a.m.-4:30 p.m. • Flint Campus – Central HR office • Dearborn Campus, ITS Accounts Office, 1141 Computing Science Wing: M-F 8:30 a.m.-4:30 p.m. (except closed 1-2 p.m.) Unit Liaison Meetings
MTokens to Marketsite users • Marketsite users who will not be purchasing items will not need or receive an MToken • Users currently with access to M-Pathways Financials system will receive an MToken with the rest of their unit • Marketsite users who will purchase items with new access to M-Pathways will also receive an MToken with the rest of their unit. • There will be some exceptions to this due to scheduling, but we’ll get tokens out to those users as quickly as possible Unit Liaison Meetings
Questions? Unit Liaison Meetings