When you create a password, make it:
- Long—9 or more characters. The longer, the better.
- Easy for you to remember
To help you do that, use a passphrase or a sequence of multiple unrelated words. You will also need to meet any password complexity requirements of the site or service the password is for. Such requirements may include use of upper- and lower-case letters, numbers, and so on.
UMICH (Level-1) Password
Set account recovery information in case you forget your UMICH (Level-1) password.
Check your UMICH password regularly, and change it if it is at risk.
Turn on two-factor for Weblogin.
Michigan Medicine (Level-2) Password
Choose a secure password and change it according to Michigan Medicine guidelines.
See Level-2 Password in the Michigan Medicine Knowledgebase for instructions on changing this password. Level-2 passwords must be changed at least once each year; these passwords expire after 365 days if they are not changed.
Use Duo two-factor security with your Level-2 password when required.
Never use your UMICH password for non-university services.
How to keep track of multiple passwords.
Some ways to keep track of multiple passwords:
- Memorize them all. Some people with good memories can create multiple passwords with a single theme or follow some other strategy that helps them remember all their passwords.
- Write them down and store them in a secure place. Do not leave them where others can see them or find them. Keep them locked up if at all possible. Store them as you would any other valuable item. Do not store them in a document on your computer unless you have encrypted the file.
- Use password management software. Password management software lets you store multiple passwords in encrypted form so you don't have to remember them. You can access all your passwords using one master password.
Use two-factor authentication wherever possible.