Return to: U of M Home
It’s identifying (authenticating) you with two separate forms of identification: something you have and something you know. If you use an Instant Cash Card, you already are using Two Factor Authentication where the card is something you have, and the PIN is something only you know. The SecurID card used to access the CUFS system is another form of Two Factor Authentication. A Two Factor Authentication system is stronger than just a password system. Even if you lose your M Key, no one will be able to log in as you without knowing your PIN.
The University is continually taking steps to ensure the security of our systems. Strong password rules and periodic password changes have improved the security of password systems. Unfortunately, nothing can make passwords strong enough. There are too many threats, both hardware and software, that can allow others to capture your password and then log in as you. Coupled with good security practices from you, the M Key system will significantly reduce the likelihood that someone can log in as you. That improves our security and reduces the risk of unauthorized access and disclosure of private data.
You currently use your Internet Id and Enterprise password to log into Enterprise applications. With the M Key your two factors of authentication will replace your Enterprise password. You push the button on the M Key to generate the M Key code. Key in the M Key code immediately followed by your private PIN into the Password field on the login page. If you access multiple servers or applications and are prompted to log in, you must press the button on your M Key to generate a new M Key code for each login.
Enterprise Web Applications will be converted to use the M Key instead of the Enterprise password. During the transition period the login page will be changed to allow either the M Key or the Enterprise password. Once everyone has received their M Key and has time to activate it, the applications will be changed to require the M Key. You will receive an email in advance of this cutover date.
About 8000 people across the University will be using the M Key. We’re starting with the Office of Information Technology staff who manage the servers and databases for our Enterprise systems. Other users of the M Key will include Data Warehouse, UITT, EDMS, PeopleSoft HR/SA systems and the new PeopleSoft Financial system. The M Key system integrates with the Central Authentication Hub (CAH) system used for authentication to existing Enterprise web applications.
OIT Data Security can determine, based on your Access Request Form (ARF), whether or not you will need an M Key. If the access you have requested requires an M Key for authentication, one will be sent to you.
M Key requests for staff in JaWS, NTS or Internet Services should be made by one of the following people:
JaWs - Dave Johnson or Kevin Henninger
NTS - John Miller or Louis Hammond
Internet Services - Kevin O’Rourke
This is a protective film used to protect the display window during manufacturing and transit. You should remove this in order to clearly see the password on the M Key. You can slip a fingernail under the edge or put some tape over it and pull it off.
The implementation schedule is posted on the MKey.umn.edu website. Visit the site frequently to check for updates.
Yes! If you will continue to access Enterprise Applications that require the M Key, you can just take it with you to your new department. If your new job duties won’t require you to use the M Key, please return it to OIT Data Security, 660 WBOB, Mailstop 7531. U.S Mail please add 1300 South 2nd St., Minneapolis, MN 55455.
Go to www.umn.edu/myaccount and click “Change your M Key PIN” (found under the “Passwords/Security” heading). You need to know your Internet password to change your M Key PIN.
Your PIN (Personal Identification Number) does not expire, so you won’t be asked to change it. If you want to change your PIN, you can change it at www.umn.edu/myaccount. If you think your PIN has been compromised you should change it.
Call the Help Desk (612-301-4357 or dial 1-HELP from a TC campus phone) to enable a temporary password. This will allow you to set your own temporary password at www.umn.edu/myaccount. The password will take the place of your M Key only for that day.
CUFS users will continue to use their SecurIDs until the CUFS system is replaced by the new Financials system. Some people will have both a SecurID for CUFS and the new M Key for other Enterprise applications.
OIT has completed the cutover to M Key authentication for servers and Oracle databases. Implementation for Enterprise web applications is in progress. The M Key also can be used—but will not be required—for CAH controlled Self-Service applications (e.g., MyU Portal and Employee Self-Service). To use your M Key for these web applications, enter your M Key code and the PIN in the password field.
A number of applications are out of scope for the M Key system. They include the CUFS system (which will continue to use the SecurID), Financial Forms Nirvana, Treasury PeopleSoft, and any system that only requires the Internet password for authentication. PeopleSoft "two-tier" logins will not use the M Key.
If the system you are accessing requires M Key authentication, then you need to use your M Key whether you work in the office or at home.
Call the Help Desk (612-301-4357 or dial 1-HELP from a TC campus phone) to enable an extended temporary password. This will allow you to set a temporary password at www.umn.edu/myaccount. A new M Key will be mailed to you, which you will activate as you did for your original M Key. The first replacement M Key will be free; you will be charged $20 for each additional replacement.
If you no longer need to use the M Key, please return it to OIT Data Security, 660 WBOB, 7531. U.S Mail please add 1300 South 2nd St., Minneapolis, MN 55455.
The battery in the M Key should work for several years, but eventually the battery will fail. The M Key display will begin to fade at least a month before it actually fails. If this is happening to your M Key call the Help Desk (612-301-4357 or dial 1-HELP from a TC campus phone) and tell them your M Key is failing. A new M Key will be sent to you at no charge.
If your M Key fails to work, it will be replaced at no charge. Call the Help Desk (612-301-4357 or dial 1-HELP from a TC campus phone) and tell them your M Key is broken.
The M Key can display letters and numbers, but if there is any question use the number. For example, if you aren’t sure if it’s the letter “S” or the number “5,” it will be the number. This is true for the letter “L” and the number “1” and for letter “B” and the number “8.”
M Key passwords are not case sensitive and will work using upper or lower case.
If you have suggestions for additions or changes to this FAQ, please send an email to Mkey@umn.edu.
