When you create a password, make it:
- Long—nine or more characters. The longer, the better.
- Easy to remember. To help you do that, use a passphrase or a sequence of multiple unrelated words. You will also need to meet any password complexity requirements of the site or service the password is for. Such requirements may include use of upper- and lower-case letters, numbers, and so on.
Manage Your U-M Passwords
UMICH (Level-1) Password
- Choose a secure UMICH (Level-1) password. Choosing a strong, secure password reduces the risk that your password will be guessed or stolen by a password thief.
- Use the Password Security Checklist. Answer the questions in this checklist to see if your password is at risk. If so, it is time to change your password! In particular, do not reuse your UMICH password outside the university.
- Set account recovery information. If you forget your UMICH password, you can request that a password reset code be sent to you at your account recovery address.
- Use two-factor (Duo) authentication. All U-M employees, students, and sponsored affiliates are required to use two-factor for Weblogin to protect their U-M account. Retirees, and alumni are encouraged to do so.
Michigan Medicine (Level-2) Password
Change your Level-2 password at least once a year. Level-2 passwords expire after 365 days if they are not changed. See Michigan Medicine (Level-2) Password in the Michigan Medicine Knowledgebase for instructions.
Manage Your Personal Passwords
It's important to choose strong, unique passwords for each site or service you use, but keeping track of all those passwords can be challenging. Here are some ways to keep track of multiple passwords:
- Memorize them all. Some people with good memories can create multiple passwords with a single theme or follow some other strategy that helps them remember all their passwords.
- Write them down and store them in a secure place. Do not leave them where others can see them or find them. Keep them locked up if at all possible. Store them as you would any other valuable item. Do not store them in a document on your computer unless you have encrypted the file.
- Use password management software. Password management software lets you store multiple passwords in encrypted form so you don't have to remember them. You can access all your passwords using one master password. Cost and features vary, so select a password manager that meets your needs. Do an internet search for "password manager reviews" for current information. A number of consumer and technical websites do annual reviews and comparisons of password management software.
- Use two-factor authentication wherever possible. Stop password thieves from getting into your accounts by adding a layer of security to block them. You can turn on two-factor for many types of personal accounts.