Michigan Medicine has transitioned to a single 15-character passphrase to replace multiple passwords. The new passphrase is easier to remember and eliminates the need for annual password resets. The transition was designed to be seamless and the project team worked well together to make it happen.
The University of Michigan has mandated that passwords for all UMICH (Level-1) accounts be changed by the end of Sept. 12. An email informing faculty, staff and students across the Ann Arbor, Dearborn and Flint campuses, as well as Michigan Medicine, was sent from Ravi Pendse, vice president for information technology, and Sol Bermann, chief information security officer.… Read More »
Here is an important password tip: Do not reuse your UMICH (Level-1) password. Try to set a unique password for each site and online service you use (or use a password manager), and never use your UMICH password for non-university accounts or services. Reusing passwords puts you at risk. There have been a number of data breaches outside… Read More »
Next time you change or reset your UMICH (Level-1) password, you will need to meet new password strength requirements. Existing passwords are not affected by the new requirements and can remain as is. The new requirements align with current best practices and National Institute of Standards and Technology (NIST) guidelines for passwords. Given the sophistication of attempted attacks… Read More »
Michigan Medicine employees and students are required to use passwords to access various applications and business systems in their daily work. Because it can be difficult to keep track of multiple passwords, some people choose a simple password they can remember (e.g., their date of birth, a pet’s name, or another easily discovered piece of personal information), keep… Read More »
The public release of credentials (email addresses and associated passwords) related to the 2018 Chegg breach unfortunately affected the U-M community. Thank you to those of you who assisted students and others whose UMICH passwords were reset in late September as a result of reuse at U-M of passwords exposed in a data breach at Chegg, a commercial… Read More »
You put U-M systems and data at risk if you use your UMICH (Level-1) password for non-university services. If you use your UMICH email address and password to establish a personal account (for example, at LinkedIn), and that information is exposed in a data breach, your UMICH account is now at risk. If you have used your UMICH… Read More »
If you ever forget your UMICH (Level-1) password, you can efficiently recover your account access as long as you have already completed some simple, advance setup. ITS has long offered a self-service account recovery option, but many users were unaware of the advance setup requirement until it was too late. To address this gap, ITS is adding a… Read More »
The Enterprise Identity and Access Management (EIAM) program began 18 months ago to improve how people obtain and use accounts to access U-M services. The program came to an official close this summer. The program’s ambitious scope included the entire U-M community—Ann Arbor, Dearborn, Flint, and Michigan Medicine. The team sought to reduce today’s pain points and to plan for improvements into the future.
Resetting a forgotten UMICH (Level-1) password can be easy—but only if you’ve set up account recovery information ahead of time. When you save your account recovery information—a non-university email account and/or your mobile phone—we then know where to send your password-reset code in case you ever forget your password. To make this process easier, ITS will begin gradually… Read More »
You put U-M systems and data at risk if you use your UMICH (Level-1) password for non-university services. If you use your UMICH email address and password to establish a personal account (for example, at LinkedIn), and that information is exposed in a data breach, your UMICH account is now at risk. If you have used your UMICH… Read More »
A new option for securely and conveniently resetting a forgotten UMICH (Level-1) password is now available. In the past, if you forgot your UMICH password, you had to request a password reset code be sent to a non-UMICH email account. Now you may send the password reset code to your phone as a text message. (Standard text message… Read More »
In honor of World Password Day on May 3, School of Information assistant professor Florian Schaub shared these online security tips: Use a password manager Use unique passwords Use two-factor authentication (like Duo!) Whether it’s World Password Day or not, it’s a good idea to update online privacy settings. Watch the video below to learn how. For additional… Read More »
If you forget your UMICH (Level-1) password and want to reset it yourself, you can do so only if you previously saved account recovery information at UMICH Account Management. That’s because the university needs to know where to send you a password-reset code. Most new students and employees now provide account recovery information as part of self-serve uniqname setup, but many of… Read More »
Later this spring, a new option for account recovery will be added to UMICH Account Management. Currently, if you forget your UMICH (Level-1) password, you can receive a password reset code by email (as long as you have provided a non-UMICH email address for that purpose). Information and Technology Services (ITS) is working to give you the option… Read More »
Beginning February 24, you will be able to reset your UMICH (Level-1) password yourself without having to remember answers to your security questions. Before you can reset your UMICH password online at UMICH Account Management, your identity must be verified. For several years that has been done through the use of pre-set security questions and answers along with… Read More »
After over a year in development and testing in collaboration with the UM-Ann Arbor ITS Identity and Access Management team, UM-Flint ITS completed a project designed to synchronize employees’ UMICH passwords to their Flint LAN accounts. This project has reduced the number of passwords UM-Flint employees need to remember and increased the time between password changes to one… Read More »
You can deploy Passwordstate in your unit under a U-M license that covers use by U-M faculty, staff, and students on all U-M campuses. Passwordstate allows teams of people to access and share sensitive password resources and is typically used for managing elevated and administrative passwords, as well as passwords for smaller proprietary systems, such as research databases.… Read More »
Many people at U-M receive phishing emails with links to fake Weblogin pages that look exactly like the real one. When people log in to the fake page, their password is stolen, and their U-M account is compromised. The only clue it’s a fraudulent login page is the URL. Before entering your UMICH (Level 1) password, check that… Read More »
You put U-M systems and data at risk if you use your UMICH (Level-1) password for non-university services. If you use your UMICH email address and password to establish a personal account, and that information is exposed in a data breach, your UMICH account is at risk. If you have used your UMICH (Level-1) password for non-university services,… Read More »