What are the guidelines for choosing a password?

• Use at least six characters; the more characters the better, as long as you can remember them.
• Use both lower and uppercase letters.
• Use at least two numbers in the middle of your password.
• Avoid using your Universal User ID (UUID), a dictionary word, or numbers associated with your personal information.
• Avoid using blank spaces.
• Avoid reusing any past or current passwords.
• Make your password easy for you to remember but hard for someone else to guess.  In this way your password is really a "pass phrase."  For example:  The phrase "A pass phrase is more secure" becomes "aPassPhras3isM0r3S3cur3"

Best Practices

• Once you have created your password, keep it secure.
• Avoid storing passwords where they are visible or in an unlocked desk.
• Change passwords regularly and frequently.

No matter how complex a password is,
if you write it down,
it is NOT secure.

Why should I care about password security?

Your UUID and password give you access to all of the University's computing services.  Every time you connect to the network, you must enter your password to prove you are who you say you are.  Should someone else else guess or steal your password, they can masquerade as you, which means the intruder would have access to your files, email, funds, personal information, etc.  In short, an insecure password can easily wreak havoc in your life. 

A compromised password not only puts your own information at risk,
it may also expose sensitive data and systems.

What are some examples of bad passwords?

• Your name in any form (even maiden names or your name spelled backwards is easy to guess)
• Your UUID in any form
• The name of a close relative, friend, or pet
• Your phone number, office number, address, or town
• Your birth date or anniversary date
• Simple variants of words (even foreign words) or well-know patterns
• Your favorite sports team
• Your license number, SSN, or any all-numeral password
• Names from popular culture (Beatles, Spiderman, etc.)

Guidelines for Protecting Your Password

• Safeguard your password.  Treat all passwords as restricted University information.
• Take responsibility. You are responsible for the security of your passwords and accountable for any misuse if your passwords are disclosed or compromised.
• Make your password unique.  Do not use your U of M password for any other services offered elsewhere (i.e. personal Internet account, free e-mail account, instant messaging account, etc.)  Your University password should be unique from every other password you use.  This will limit your exposure if any of your passwords are compromised.
• Avoid using the "Remember Password" feature.  This feature, typically used to access secure applications, does not adequately protect passwords.  It may be possible for a computer virus or unauthorized user to gain access to this stored information.