Password Security Checklist

Use Two-Factor

Strong passwords are essential, but they aren't enough. Phishing attacks and data breaches put all your passwords at risk, and you need additional security. Faculty, staff, student employees, and sponsored affiliates on all U-M campuses are required to use two-factor (Duo) for Weblogin. All other members of the university community (students, retirees, and alumni) are encouraged to use it.

Change Your Password If It Is at Risk

Ask yourself the questions below to see if you need to change your password. Balance your answers with the need to have a password that you can remember without having to write it down. If you have a strong, secure password or passphrase that is easy for you to remember and you use it with care, you may not need to change it as often as someone whose password is more vulnerable.

When you change your UMICH (Level-1) password via UMICH Account Management, a password-strength checker helps ensure that your new password is strong and safe. See Choosing and Changing a Secure UMICH (Level-1) Password for tips on selecting a secure, strong password..

  • Have you used your UMICH password for a non-U-M service?
    Use your UMICH password only for U-M services. Other services may not provide the same level of password protection that U-M does. If you have used your password for non-university services, it's time to change your password.
  • Have you used your UMICH password on a public network, such as those at hotels or coffee shops?
    If you use an insecure network, you should change your password after doing so. If you must use an insecure wireless network, use the U-M Virtual Private Network (VPN) to protect your connection.
  • Have you told anyone your UMICH password?
    Never tell anyone your password—not even family members or IT support staff. If you have told anyone your password, it's time to change your password.
  • Students, did you share your UMICH password with your parents?
    Never tell anyone your password, not even your parents! Set your parents up with their own Friend accounts instead so they can make payments on your student account. And if you shared you password with your parents, it's time to change your password.
  • Do you think you may have fallen for a phishing scam?
    If you think you may have been tricked by a phishing email into providing your password, it's time to change your password. In fact, do it immediately.
  • Lost or stolen device?
    If your computer or mobile device has been lost or stolen, it is a good idea to change your password. And if the computer or device was used to store or access sensitive university data, report it as a security incident to the ITS Service Center.
  • Have you traveled abroad? Or are you planning to? Change your UMICH (Level-1) password to one that will be used only during your trip—and change it again when you return. Also change any other passwords you expect to use while traveling.
  • Does your password follow the guidelines for UMICH password security?
    If not, it's time to change your password.