Two-Factor Authentication

U-M uses Duo two-factor authentication to protect U-M systems and data, as well as your own personal information


Screenshot of Duo push alert, with an arrow pointing to bottom right where the Deny button is.

Be especially aware of any Duo Push notifications that may come unexpectedly! Do not accept these. Push the "Deny" button and report to HITS immediately. If you have received an unsolicited Duo Push (I.e., You did not log into/initiate a Duo request), your credentials may have already been compromised. Contact the HITS Service Desk at 6-8000 for assistance.

What is Two-Factor Authentication?

Two-factor authentication keeps an individual’s account secure even if their password is compromised. It requires two proofs of identity when logging in:

  1. Something you know, such as your UMICH password.
  2. Something you have, such as a mobile app or hardware token.

Duo helps to protect your direct deposit information and W2s. It is also used for:

  • Electronic Prescription of Controlled Substances (EPCS)
  • Remote access (VPN) service
  • Outlook on the web
  • Other services as security assessments dictate