Information and Technology Services along with many units are working to discontinue use and retire the two-decade old Cosign Authentication service. As part of the U-M Annual Internal Control Certification process for this fiscal year, units are required to attest to discontinuing or planning to discontinue use of Cosign in unit-owned applications by June 2023.
The ITS Identity & Access Management team (IAM) has finalized plans to reach key milestones that will remove dependencies on the Cosign authentication service by summer 2022. Cosign has been the university’s secure, single sign-on, web authentication system for more than 20 years. Originally designed at U-M, the open source software was once widely used across higher education.… Read More »
Getting questions about U-M’s move to two-factor for Weblogin for faculty and staff? New and updated materials are available that you can refer people to. The online and print materials are intended to help you prepare for January 23, 2019, when two-factor for Weblogin will be turned on for all faculty, staff, student employees, and sponsored affiliates of… Read More »
Don’t let travel plans interrupt the protections provided by Duo. Duo offers multiple options to help you complete two-factor authentication when traveling. You may be able to use your regular Duo two-factor option, or you may need to use an alternative, depending on your travel plans. The recommended travel option is the Duo Mobile app on a smartphone… Read More »
Now you can get the security benefits of two-factor for Weblogin with fewer login prompts. The Duo Remember Me time was extended from 12 hours to seven days on August 25. Remember to select the checkbox if you want Duo to remember you. You’ll see the Remember Me checkbox when you log in to a U-M site or… Read More »
A security-token necklace, ear buds, or eyeglasses developed at U-M could eliminate vulnerabilities in voice authentication—the practice of logging in to a device or service with your voice alone. “Increasingly, voice is being used as a security feature but it actually has huge holes in it,” said Kang Shin, professor of electrical engineering and computer science at U-M.… Read More »
When students, staff, and faculty come to you with concerns about the latest virus, hack, or phishing attempt, pass on the good news that turning on two-factor to protect their U-M Weblogin and personal data is even easier. In April, the university added the Remember Me option to two-factor for services accessed via the Weblogin page. It allows you… Read More »
The ITS Identity and Access Management team is exploring Privileged Access Management (PAM) and third-party solutions to mitigate U-M’s cybersecurity risk exposure.
IT Innovation at Lunch, a professional interest group open to the Michigan IT community, will host a session May 19 about managing elevated access.
As of December 5, the last server supporting U-M’s former two-factor authentication vendor, RSA, was retired at the university after more than a decade of use. The retirement of RSA and MTokens marks the last step in the vendor replacement process. Since July 2016, cloud-based Duo Security has provided the university’s two-factor authentication service, offering a variety of… Read More »
Strong passwords are essential, but they are not enough anymore. Your password needs a partner—two-factor authentication.