X
Home Information Technology Services Security Password Security

Password Security

What are the guidelines for choosing a password at the University of Memphis?

The University requires all Universal User ID (UUID) account passwords to meet the following criteria:

  • You cannot select a password you have used previously
  • Passwords must be at least 15 characters long
  • Passwords must include characters from at least three of the following categories:
    • lowercase letter (e.g. a,b,c)
    • uppercase letter (e.g. A,B,C)
    • number (e.g. 1,2,3)
    • special character (e.g. _ ! $ % ^ * + -)
  • You cannot use your first name, middle name, last name, UUID or Tiger in your password
  • Use at least two alphabetic characters (a-z, A-Z)
  • Use at least two non-alphabetic characters (e.g. 0 1 2 3 _ ! $ %)

How do I change my password?

You can create a new password using the iAM Identity Management system:

1. Go to iAM.memphis.edu and sign in using your current password.
2. Click the "Change Password" link.
3. Follow the instructions to change your password.

Note: If you have recently changed your password, forget and re-add all UofM wireless networks on your all devices. For more help connecting to on-campus wireless networks, visit our wireless page.

How do I reset my password?

If you have forgotten your password, you have two options to manually reset it: answering the security questions you established during account setup or having a reset code sent to your personal email address. In order to use the email option, you must have a personal (not memphis.edu) email address in Banner, which can be accessed in the Personal Information section of the myMemphis portal. For students, this section is located in the Student Pages tab within My Resources. For faculty and staff, access is available on the Employee tab.

Visit our password reset information page for a detailed walkthrough of the password reset process.

Password Change Frequency at the University of Memphis

Effective July 1, 2020, UUID password expiration is no longer required for individuals who utilize multi-factor authentication (Duo Account Security). Duo enrollment is required for all students, faculty and staff.

For any existing users not enrolled in Duo, the University requires UUID passwords to be changed every 6 months to help keep it secure. Other ways to keep your password secure can be found below.

Best Practices when choosing a Password

  • Avoid using your Universal User ID (UUID), a dictionary word, or numbers associated with your personal information.
  • Avoid reusing any past or current passwords.
  • Keep it secure.
  • Avoid storing passwords where they are visible or in an unlocked desk.
  • No matter how complex a password is, if you write it down it is NOT secure.

Password Security - Why should I care?

Your UUID and password give you access to all of the University's computing services. Every time you connect to the network, you enter your password to prove you are who you say you are. Should someone else else guess or steal your password, they can masquerade as you, which means the intruder would have access to your files, email, funds, personal information, etc. In short, an insecure password can easily wreak havoc in your life.

Examples of bad passwords:

  • Your name (even maiden names or your name spelled backwards is easy to guess)
  • Your UUID in any form
  • Name of a close relative, friend, or pet
  • Phone number, office number, address, or town
  • Birth date or anniversary date
  • Favorite sports team
  • License number, SSN, or any all-numeral password
  • Names from popular culture (Beatles, Spiderman, etc.)

How Can I Protect My Password?

  • Safeguard your password. Treat all passwords as restricted University information.
  • Take responsibility. You are responsible for the security of your passwords and accountable for any misuse if your passwords are disclosed or compromised.
  • Make your password unique. Do not use your UofM password for any other services offered elsewhere (i.e., personal Internet account, free e-mail account, instant messaging account, etc.). Your University password should be unique from every other password you use. This will limit your exposure if any of your passwords are compromised.
  • Avoid using the "Remember Password" feature. This feature, typically used to access secure applications, does not adequately protect passwords. It may be possible for a computer virus or unauthorized user to gain access to this stored information.