Password Security Checklist

Use Two-Factor

Strong passwords are essential, but they aren't enough. Phishing attacks and data breaches put all your passwords at risk, and you need additional security. Faculty, staff, student employees, and sponsored affiliates on all U-M campuses are required to use two-factor (Duo) for Weblogin. All other members of the university community (students, retirees, and alumni) are encouraged to use it.

Change Your Password If It Is at Risk

Ask yourself the questions below to see if you need to change your password. Balance your answers with the need to have a password that you can remember without having to write it down. If you have a strong, secure password that is easy for you to remember and you use it with care, you may not need to change it as often as someone whose password is more vulnerable.

When you change your UMICH (Level-1) password via UMICH Account Management, a password-strength checker helps ensure that your new password is strong and safe. See Choosing and Changing a Secure UMICH (Level-1) Password for tips on selecting a secure, strong password..

  • Have you used your UMICH password for a non-U-M service?
    We recommend that you use your UMICH password only for U-M services. Other services may not provide the same level of password protection that U-M does. If you have used your password for non-university services, it's time to change your password.
  • Have you used your UMICH password on a public network, such as those at hotels or coffee shops?
    If you use an insecure network, you should change your password after doing so. If you must use an insecure wireless network, use the U-M Virtual Private Network (VPN) to protect your connection.
  • Have you told anyone your UMICH password?
    Never tell anyone your password! If you have, it's time to change your password.
  • Did you share your UMICH password with your parents?
    Never tell anyone your password, not even your parents! If you have, you should set your parents up with their own Friend accounts instead, and it's time to change your password.
  • Do you think you may have fallen for a phishing scam?
    If you think you may have been tricked by a phishing email into providing your password, it's time to change your password. In fact, do it immediately.
  • Does your password follow the guidelines for UMICH password security?
    If not, it's time to change your password.
  • Is your password more than a year old?
    It's time to change your password.
  • Were you informed by ITS or your security unit liaison that you have a weak password?
    If so, it's time to change your password.