You are here

Mandatory Multifactor Authentication for Research.gov Sign-in Effective Sunday, Oct. 27

October 25, 2024

The U.S. National Science Foundation issued a “Dear Colleague Letter” (NSF 25-011) October 11, 2024 to notify the research community about the mandatory use of multifactor authentication (MFA) for Research.gov sign-in effective on Sunday, Oct. 27, 2024. 

All external users must first complete a one-time MFA enrollment process that will be available starting on Oct. 27 and then use MFA to sign into Research.gov going forward.

The MFA options for each user are based upon their assigned role in Research.gov. 

Users with financial or administrative roles must use a phishing-resistant MFA method. Other users can select a phishing-resistant or regular MFA method.
InCommon Federal Login Area on Research.gov

 Using your U-M two factor login for Research.gov

Those with accounts in Research.gov can and should use their Duo two-factor authentication (2FA) through the University of Michigan to log in to eRA or NIH Commons. You can do this through the Federated Login area.

What is InCommon and a Federated Account?

U-M is a member of the InCommon Federation which provides this efficient and secure option. You'll see the "Federated Account" option on the Research.gov Login page. (See image below.)

Why use the U-M login?

  • It reduces administrative burden.
  • It reduces risk.
  • It prevents you from having to remember or store multiple passwords
  • Your single sign-on is maintained in different sessions (e.g. WolverineAccess, UMich Mail, NSF, NIH, Research.gov, etc.)

How to use this login?

Step 1. Go to Research.gov
Step 2. Choose the University of Michigan. (Type a few characters to filter the list.)
Step 3. You'll be prompted to log in using your U-M 2FA. Confirm.


NSF-Provided Training Resources

Training resources, including how-to guides and frequently asked questions (FAQs) will be available on the new About Signing Into Research.gov page on Research.gov Help on Oct. 27. This new page will assist the research community to quickly enroll in MFA and learn how to sign into Research.gov with the selected MFA method.

 

Reiterating the importance of cybersecurity 

As always, U-M urges staff and faculty to use caution, inform your project teams, and report any account irregularities. To protect your accounts:

  • Use a long, complex password for your U-M account.
  • Do not reuse your U-M password elsewhere.
  • Be cautious of emails asking for your login information; these are usually scams.
  • Never share your passwords or Duo passcodes unofficially.
  • Only enter Duo passcodes into the official Duo prompt.
  • Decline any unexpected Duo push notifications and report them to ITS.
  • Report any unauthorized password change emails to ITS immediately at security@umich.edu.

Research IT Security Toolkit

Data security is an important consideration that should be taken into account early in a research project to allow researchers to properly prepare and budget for the implementation of security controls.

The Research IT Security toolkit provides resources to help U-M researchers navigate IT security compliance and ensure their research data is appropriately protected.

See: Protect Research Data / safecomputing.umich.edu 

All members of the U-M community share responsibility for safeguarding university resources and data, and complying with university policies and data protection laws and regulations.