Passwords at U-M
Overview
Nearly everyone who uses the Internet has passwords, whether for instant messaging, social networking, managing finances, or myriad other cases where authentication is necessary. As a member of the University of Michigan College of Engineering, you have at least two passwords. This page provides a brief explanation of these two passwords, why there are multiple passwords, and how the passwords should be used.
Protecting Your Password is Important
U-M computing account holders are frequently targeted by malicious intruders (hackers) in an attempt to obtain their passwords. Once an account has been compromised, a hacker can use it for any number of destructive or illegal purposes. Furthermore, when a hacker uses your account to conduct their devious deeds, they are essentially doing it under an assumed name: Yours!
Selecting a good password can help ensure that hackers will be unsuccessful in their attempts. Remember to change your passwords at least once every term (if not more often). If you have questions about changing your password, or if you are unable to change your password successfully, visit the CAEN Hotline.
Passwords at the University of Michigan
| Password | Example Services |
|---|---|
| UMICH.EDU Kerberos | U-M Web Login Services |
| U-M Windows Active Directory | U-M Exchange Accounts |
By virtue of having a University of Michigan uniqname, all U-M computing account holders are issued two passwords: a password for the UMICH.EDU Kerberos realm and a password for U-M Windows Active Directory in the UMROOT domain, both of which are managed centrally by ITS.
UMICH.EDU Kerberos
Kerberos is an authentication method developed by MIT in the late 1980s that enables someone to prove their identity to a computing service in a secure way, protected from eavesdropping. Your UMICH.EDU Kerberos password is used for authentication to ITS and CAEN services, and once provided successfully, authorizes you to use IFS file storage, U-M E-Mail, and many other campus computing resources available to the University of Michigan community.
U-M Windows Active Directory (UMROOT)
Most U-M Windows computers utilize Windows Active Directory for authorization to services. Windows Active Directory is a system developed in the 1990s by the Microsoft Corporation to manage users, computers, and access policies. Active Directory uses a "trust" system to grant access to the services it manages, and by authenticating with your uniqname and U-M Windows Active Directory password, you will be able to access the Windows services provided by CAEN. The U-M Windows Active Directory domain is called UMROOT.

Syncing your Kerberos & Windows Active Directory Passwords
In order to log into a CAEN computer running Microsoft Windows, you must authenticate using your U-M uniqname and UMICH.EDU Kerberos password. The system then uses a pass-through authentication method to obtain your UMROOT Windows Active Directory credentials, allowing you to access your CAEN online file storage and other services automatically. If the two passwords are "out-of-sync," this process could fail and prevent you from using all of the computer's resources.
In order to prevent this, CAEN recommends that all CAEN Account holders set their UMROOT Windows Active Directory password to be the same as their UMICH.EDU Kerberos password. To accomplish this, visit the following web page:
If you have trouble changing either of these passwords, contact the ITS Service Center for assistance.
General Guidelines for Selecting a Password
Use these suggestions as a guide to selecting a good password - one that is not easily guessed:
- DO make your password at least nine characters in length -- the longer, the better.
- DO mix upper-case and lower-case letters.
- DO use at least one non-alphabetic (e.g. 0-9, %, ^) character.
- DO change your password often!
- DO NOT tell anyone your password!
- DO NOT write your password down...memorize it!
- DO NOT make your password a word contained in any dictionary, in any language.
- DO NOT use personal information that could be easily guessed, for example: mother's maiden name, Social Security number, phone number, address, birthdays, first or last name, etc.
- DO NOT use your U-M passwords for non-University Internet services like online shopping or third-party email accounts. It is recommended to have a different password for each of your online accounts.




