Organization adopts improved login security to help protect institutional, personal data

The university is taking steps to improve the security of institutional data and systems, and even personal data, by expanding the use of Duo two-factor authentication.

The expansion involves using two-factor at Weblogin — and the software behind it — that allows individuals to log in and access protected U-M web resources such as direct deposit and W-2 information in Wolverine Access.

Faculty, staff and sponsored affiliates with a Michigan Medicine account (Level 2) are required to use two-factor for Weblogin beginning today, Oct. 10.

Current plans are for the Ann Arbor campus and UM-Dearborn to use Duo at Weblogin by Jan. 23, 2019.

“As the number of cyberattacks and data breaches continue to rise in health care, organizations and their patients’ health information are increasingly targeted. Successful attacks on health systems and universities have been costly in terms of time, reputation, resources and fines,” said Jack Kufahl, chief information security officer for Michigan Medicine. “Two-factor authentication is one of the best ways to protect against phishing and other identity-based attacks. Without your physical device, remote attackers can’t pretend to be you in order to gain unauthorized access to sensitive information stored in applications.”

Duo provides the most options for individual choice, while effectively reducing IT security risks.

The preferred and recommended option for most employees is the downloadable Duo Mobile app for their smartphone. Based on work style, travel or need, individuals may choose alternate options, such as passcodes, landlines or a hardware token.

Those looking for advice on which options to use can visit the Safe Computing website, stop by a Help Me Now location, or contact the HITS Service Desk.