Manage Your Passwords

When you create a password, make it:

  • Long—9 or more characters. The longer, the better.
  • Easy for you to remember

To help you do that, use a passphrase or a sequence of multiple unrelated words. You will also need to meet any password complexity requirements of the site or service the password is for. Such requirements may include use of upper- and lower-case letters, numbers, and so on.

Expand All Content

UMICH (Level-1) Password

Choose a secure UMICH password.

For information on how to do this, see Choosing and Changing a Secure UMICH Password.

Set account recovery information in case you forget your UMICH (Level-1) password.

See instructions for setting account recovery. If you forget your UMICH password, you can request that a password reset code be sent to you at your account recovery address.

Check your UMICH password regularly, and change it if it is at risk.

We recommend that you change your UMICH password it if it is at risk or it has been a long time (a year or more) since you last changed it. See the Password Security Checklist for more information.

Turn on two-factor for Weblogin.

Turn on two-factor for Weblogin to protect your personal information: direct deposit information and W-2s in Wolverine Access, as well as your information in U-M Google, U-M Box, Canvas, and more.

Michigan Medicine (Level-2) Password

Choose a secure password and change it according to Michigan Medicine guidelines.

See Level-2 Password in the Michigan Medicine Knowledgebase for instructions on changing this password. Level-2 passwords must be changed at least once each year; these passwords expire after 365 days if they are not changed.

Use Duo two-factor security with your Level-2 password when required.

Some Michigan Medicine services require the use of two-factor authentication for access. For details, see Duo Two-Factor Security in the Michigan Medicine Knowledgebase.

Other Passwords

Never use your UMICH password for non-university services.

How to keep track of multiple passwords.

Some ways to keep track of multiple passwords:

  • Memorize them all. Some people with good memories can create multiple passwords with a single theme or follow some other strategy that helps them remember all their passwords.
  • Write them down and store them in a secure place. Do not leave them where others can see them or find them. Keep them locked up if at all possible. Store them as you would any other valuable item. Do not store them in a document on your computer unless you have encrypted the file.
  • Use password management software. Password management software lets you store multiple passwords in encrypted form so you don't have to remember them. You can access all your passwords using one master password.

Use two-factor authentication wherever possible.

Stop password thieves from getting into your accounts by adding a layer of security to block them. You can turn on two-factor for many types of personal accounts.

Units can implement Passwordstate through a U-M license.

Units on all U-M campuses may implement Passwordstate through a U-M license for use by their faculty, staff, and students. Use of U-M's Passwordstate license is intended for unit implementations; it is not available to individuals other than through their units.

For details, see Passwordstate Use at U-M.