Originally designed at U-M more than twenty years ago, Cosign was once widely used across higher education. The degree to which U-M had integrated Cosign into countless applications was a testament to its success. However, the user base dwindled at U-M and across higher ed as institutions transitioned to more modern authentication protocols (OIDC and SAML). At U-M… Read More »
The University of Michigan is committed to making certain that all of the institution’s websites are safe, secure, and protected. Website owners are encouraged to upgrade their websites hosted on the ITS Web Hosting Virtual Host Service.
Atlassian offers a number of popular software titles, many of which are used in ITS and at U-M. Learn how U-M Information and Technology Services has partnered with Atlassian to make signing on to their products with a UMICH email easier and safer.
Information and Technology Services continues to partner with units to discontinue all use of the two-decade old Cosign Authentication service by the end of June 2023.
Information and Technology Services along with many units are working to discontinue use and retire the two-decade old Cosign Authentication service. As part of the U-M Annual Internal Control Certification process for this fiscal year, units are required to attest to discontinuing or planning to discontinue use of Cosign in unit-owned applications by June 2023.
The ITS Identity & Access Management team (IAM) has finalized plans to reach key milestones that will remove dependencies on the Cosign authentication service by summer 2022. Cosign has been the university’s secure, single sign-on, web authentication system for more than 20 years. Originally designed at U-M, the open source software was once widely used across higher education.… Read More »
Getting questions about U-M’s move to two-factor for Weblogin for faculty and staff? New and updated materials are available that you can refer people to. The online and print materials are intended to help you prepare for January 23, 2019, when two-factor for Weblogin will be turned on for all faculty, staff, student employees, and sponsored affiliates of… Read More »
Don’t let travel plans interrupt the protections provided by Duo. Duo offers multiple options to help you complete two-factor authentication when traveling. You may be able to use your regular Duo two-factor option, or you may need to use an alternative, depending on your travel plans. The recommended travel option is the Duo Mobile app on a smartphone… Read More »
Now you can get the security benefits of two-factor for Weblogin with fewer login prompts. The Duo Remember Me time was extended from 12 hours to seven days on August 25. Remember to select the checkbox if you want Duo to remember you. You’ll see the Remember Me checkbox when you log in to a U-M site or… Read More »
A security-token necklace, ear buds, or eyeglasses developed at U-M could eliminate vulnerabilities in voice authentication—the practice of logging in to a device or service with your voice alone. “Increasingly, voice is being used as a security feature but it actually has huge holes in it,” said Kang Shin, professor of electrical engineering and computer science at U-M.… Read More »
When students, staff, and faculty come to you with concerns about the latest virus, hack, or phishing attempt, pass on the good news that turning on two-factor to protect their U-M Weblogin and personal data is even easier. In April, the university added the Remember Me option to two-factor for services accessed via the Weblogin page. It allows you… Read More »
The ITS Identity and Access Management team is exploring Privileged Access Management (PAM) and third-party solutions to mitigate U-M’s cybersecurity risk exposure.
IT Innovation at Lunch, a professional interest group open to the Michigan IT community, will host a session May 19 about managing elevated access.
As of December 5, the last server supporting U-M’s former two-factor authentication vendor, RSA, was retired at the university after more than a decade of use. The retirement of RSA and MTokens marks the last step in the vendor replacement process. Since July 2016, cloud-based Duo Security has provided the university’s two-factor authentication service, offering a variety of… Read More »
Strong passwords are essential, but they are not enough anymore. Your password needs a partner—two-factor authentication.