When you create a password, make it:
- Long. The longer, the better! Your UMICH (Level-1) password must be 15 characters or longer.
- Easy to remember. To help you do that.
You will also need to meet any password complexity requirements of the site or service the password is for. Such requirements may include use of upper- and lower-case letters, numbers, and so on.
Manage Your U-M Passwords
UMICH (Level-1) Password
- Choose a secure UMICH (Level-1) password. Choosing a strong, secure password reduces the risk that your password will be guessed or stolen by a password thief.
- Use the Password Security Checklist. Answer the questions in this checklist to see if your password is at risk. If so, it is time to change your password! In particular, do not reuse your UMICH password outside the university.
- Set account recovery information. If you forget your UMICH password, you can request that a password reset code be sent to you at your account recovery address.
- Use two-factor (Duo) authentication. All U-M employees, students, and sponsored affiliates are required to use two-factor for Weblogin to protect their U-M account. Retirees, and alumni are encouraged to do so.
Michigan Medicine (Level-2) Password
Change your Level-2 password at least once a year. Level-2 passwords expire after 365 days if they are not changed. See Michigan Medicine (Level-2) Password in the Michigan Medicine Knowledgebase for instructions.
Manage Your Personal Passwords
It's important to choose strong, unique passwords for each site or service you use, but keeping track of all those passwords can be challenging. Here are some ways to keep track of multiple passwords:
- Consider a Password Manager. A password manager can store your passwords in an encrypted file so that don't need to remember them, and good password managers will help make up passwords for you using random letters, numbers, and characters. All you have to remember is one password to open the manager!
- Use two-factor authentication wherever possible. Stop password thieves from getting into your accounts by adding a layer of security to block them. You can turn on two-factor for many types of personal accounts.
- If you need to write down or store passwords, do it securely. Do not leave them where others can see them or find them. Keep them locked up if at all possible. Store them as you would any other valuable item. Do not store them in a document on your computer unless you have encrypted the file.