New UMICH password strength requirements

FacebooktwitterredditlinkedinmailFacebooktwitterredditlinkedinmail
" "
(freeGraphicToday on pixabay.com)

Next time you change or reset your UMICH (Level-1) password, you will need to meet new password strength requirements. Existing passwords are not affected by the new requirements and can remain as is.

The new requirements align with current best practices and National Institute of Standards and Technology (NIST) guidelines for passwords. Given the sophistication of attempted attacks at U-M, ITS Information Assurance decided to implement several NIST recommendations and go with a longer minimum password length. The requirements  are supported by the U-M Identity and Access Management (IAM) Advisory Council, which is made up of representatives from across the university. 

As of August 15, 2020, newly created, changed, or reset UMICH passwords:

  • Must be 15 characters or longer. Tips for creating long passwords have been added to the documentation.
  • Will be dynamically assessed for strength using an algorithm that calculates a strength score.
  • Will be checked against a database of known breached passwords.

The UMICH Account Management site, where you manage your UMICH password, also got an upgrade and new look.

“The updated password requirements reflect the latest thinking in password strength and better address the evolving threats the university faces. I really appreciate the IAM team and the Advisory Council pushing this forward, ” said Sol Bermann, U-M chief information security officer and executive director of ITS Information Assurance.