Change your UMICH password
- If you suspect your U-M account has been compromised or stolen:
- Change your UMICH (Level-1) password. For instructions and tips, see Choosing and Changing a Secure UMICH Password.
- Set new security questions if you had previously set them in UMICH Account Management.
- If you suspect a personal account has been compromised, change the password for that account. Choose a strong password and make it unique to that account. Do not use the same password for multiple accounts; that puts all your accounts at risk if one is compromised.
- Report a suspected compromised U-M account immediately to the ITS Service Center or, at the U-M Health System, to the UMHS Service Desk (MCITServiceDesk@med.umich.edu).
- If you suspect a personal account has been compromised, check the account documentation to find out how to report the compromise.
Monitor your accounts
- Check your U-M Google email for suspicious activity. Make screen shots showing any settings that have been tampered with to include in your report of the incident.
- Check activity on your account by clicking the Details link at the bottom of your inbox (when accessing your mail from a Web browser). See Google's Last account activity help. Click the Sign out all other web sessions button if you see suspicious activity.
- Check the Trash and Sent mail folders for messages you didn’t send or delete.
- In your Mail Settings, review Forwarding and Filters and delete those you don’t recognize.
- In your Mail Settings, under Account, check the settings for Send mail as and Grant access to your account to be sure these have not been changed.
- Learn more about monitoring and securing your Google Mail, as well as about protecting your personal information and privacy, at Google: My Account.
- Check your other U-M services for suspicious activity. For example, look for files in your online storage space, such as MFile, that you did not put there.
Turn on Two-Factor for Weblogin
- Your password needs a partner! To add extra protection to your account, turn on two-factor authentication for Weblogin (the login page for Wolverine Access, U-M Google, U-M Box, and more).
- When you have two-factor authentication turned on, anyone trying to access your U-M account must provide two proofs of ID. The two factors, or proofs of ID, are:
- Something you know - your password.
- Something you have, such as a passcode, a phone, or even a mobile app.