Change Your UMICH password
- If you suspect your U-M account has been compromised or stolen:
- Change your UMICH (Level-1) password. For instructions and tips, see Choosing and Changing a Secure UMICH Password.
- Reset your account recovery information in UMICH Account Management so you can reset your password yourself if you forget it.
- If you suspect a personal account has been compromised, change the password for that account. Choose a strong password and make it unique to that account. Do not use the same password for multiple accounts; that puts all your accounts at risk if one is compromised.
- UM-Ann Arbor: Report a suspected compromised U-M account immediately to the ITS Service Center.
- Michigan Medicine: Report a suspected compromised U-M account immediately to the HITS Service Desk.
- If you suspect a personal account has been compromised, check the account documentation to find out how to report the compromise.
Turn On Two-Factor for Weblogin
- Two-factor (Duo) authentication for Weblogin (the login page for Wolverine Access, U-M Google, and more) is required and automatically turned on for all current faculty, staff, students, and sponsored affiliates.
- Alumni and retirees can turn on two-factor authentication for Weblogin to add extra protection for their accounts.
When you have two-factor authentication turned on, anyone trying to access your U-M account must provide two proofs of ID. The two factors, or proofs of ID, are:
- Something you know—your password.
- Something you have, such as a passcode, a phone, or even a mobile app.
Monitor for Suspicious Activity
- Check your U-M Google email for suspicious activity. Make screen shots showing any settings that have been tampered with to include in your report of the incident.
- Check activity on your account by clicking the Details link at the bottom of your inbox (when accessing your mail from a Web browser). See Google's Last account activity help. Click the Sign out all other web sessions button if you see suspicious activity.
- Check the Trash and Sent mail folders for messages you didn’t send or delete.
- In your Mail Settings, review Forwarding and Filters and delete those you don’t recognize.
- In your Mail Settings, under Account, check the settings for Send mail as and Grant access to your account to be sure these have not been changed.
- Learn more about monitoring and securing your Google Mail, as well as about protecting your personal information and privacy, at Google: My Account.
- Check your other U-M services for suspicious activity. For example, look for files in your online storage space, such as U-M Dropbox, that you did not put there.
Follow Additional Identity Theft Guidance
To detect, prevent, and mitigate identity theft, familiarize yourself with the U-M Identity Theft Prevention Program and follow the Safe Computing guidance.