Tag Archives: authentication

Cosign retirement success

Originally designed at U-M more than twenty years ago, Cosign was once widely used across higher education. The degree to which U-M had integrated Cosign into countless applications was a testament to its success. However, the user base dwindled at U-M and across higher ed as institutions transitioned to more modern authentication protocols (OIDC and SAML). At U-M… Read More »

Units: plan to discontinue Cosign use by June 2023

Information and Technology Services along with many units are working to discontinue use and retire the two-decade old Cosign Authentication service. As part of the U-M Annual Internal Control Certification process for this fiscal year, units are required to attest to discontinuing or planning to discontinue use of Cosign in unit-owned applications by June 2023.

Transition from Cosign to Shibboleth Authentication

The ITS Identity & Access Management team (IAM) has finalized plans to reach key milestones that will remove dependencies on the Cosign authentication service by summer 2022. Cosign has been the university’s secure, single sign-on, web authentication system for more than 20 years. Originally designed at U-M, the open source software was once widely used across higher education.… Read More »

Duo expansion: New app and resources support two-factor for Weblogin

Getting questions about U-M’s move to two-factor for Weblogin for faculty and staff? New and updated materials are available that you can refer people to. The online and print materials are intended to help you prepare for January 23, 2019, when two-factor for Weblogin will be turned on for all faculty, staff, student employees, and sponsored affiliates of… Read More »

Use Duo when traveling

Don’t let travel plans interrupt the protections provided by Duo. Duo offers multiple options to help you complete two-factor authentication when traveling. You may be able to use your regular Duo two-factor option, or you may need to use an alternative, depending on your travel plans. The recommended travel option is the Duo Mobile app on a smartphone… Read More »

Duo can remember you for seven days

Now you can get the security benefits of two-factor for Weblogin with fewer login prompts. The Duo Remember Me time was extended from 12 hours to seven days on August 25. Remember to select the checkbox if you want Duo to remember you. You’ll see the Remember Me checkbox when you log in to a U-M site or… Read More »

Wearables to boost security of voice-based log-in

By | November 6, 2017

A security-token necklace, ear buds, or eyeglasses developed at U-M could eliminate vulnerabilities in voice authentication—the practice of logging in to a device or service with your voice alone. “Increasingly, voice is being used as a security feature but it actually has huge holes in it,” said Kang Shin, professor of electrical engineering and computer science at U-M.… Read More »

Remember Duo Remember Me?

When students, staff, and faculty come to you with concerns about the latest virus, hack, or phishing attempt, pass on the good news that turning on two-factor to protect their U-M Weblogin and personal data is even easier. In April, the university added the Remember Me option to two-factor for services accessed via the Weblogin page. It allows you… Read More »

No more MTokens! Last RSA server retired

As of December 5, the last server supporting U-M’s former two-factor authentication vendor, RSA, was retired at the university after more than a decade of use. The retirement of RSA and MTokens marks the last step in the vendor replacement process. Since July 2016, cloud-based Duo Security has provided the university’s two-factor authentication service, offering a variety of… Read More »