You are here

Security Practices

Don't use unfamiliar networks

With the proliferation of wireless technology -- including "mobile hotspots" -- you will undoubtedly find a lot of WiFi networks to choose from when you scan the area. Most networks will be password protected by the owners and therefore unusable to you. While at the University of Michigan, you should always use MWireless with your uniqname and U-M password. You are putting yourself and your data at risk if you connect to an unsecured WiFi network that does not require a password to use.

Protect Mobile Devices

Security of information at the University of Michigan is a top priority. We must handle all sensitive information entrusted to us with care. Storing such data on a mobile device that is easily lost or stolen places it at risk for exposure. Please protect yourself, your research, and the University by following these best practices:

  • Avoid storing sensitive information on laptops or thumb drives. Access your data from a secure server instead.
  • Follow the U-M Standard Practice Guide 601.27 requiring that Social Security numbers used, stored, or transmitted on records or record systems be encrypted or properly secured.
  • Never leave your laptop unattended. Lock your laptop out of sight when not in use.
  • If a mobile device containing sensitive data is lost, it should be reported immediately.


It is your responsibility to protect your password and guard against unauthorized use of services in your name.

  • Do not share your login and password. No one should ask you for it. Your password allows anyone to send an e-mail message in your name, as well as access, change, or delete your private files.
  • Do not leave your computer unattended while logged in. Use a locked screen saver, or log out and log back in if necessary.
  • Memorize your password. Do not write it on paper.
  • Change your passwords once every six months. You may change your password by following this link.

Protect Yourself from Phishing

Phishing emails are scams designed to steal your password and gain access to your account. If criminals compromise your U-M account, they can change your direct deposit information and view your W-2 in Wolverine Access, send email in your name, and more. Follow these tips to protect yourself:

  • Turn on two-factor for Weblogin. This extra layer of security stops criminals from using a stolen password to compromise your account.
  • Check the address or URL on login screens before entering your password. On the U-M Weblogin page, check that the URL begins with before entering your UMICH (Level-1) password. Also see Look Before You Log In.
  • Check links in emails before clicking them. Hover over the link with your mouse to reveal the URL. On a touch-screen device, you can usually touch and hold down the link to reveal the full URL.
  • Check before opening shared documents and email attachments. If the message seems at all suspicious, don't open the document or attachment. The sender address may be forged. Contact the person the message appears to be from, via phone or in person, to ask if they sent the message or not. Also see Shared Document Emails Can Be Traps.
  • Hone your phish detection skills by playing U-M's online game: Don't Fall for Phish!

Protect Pass-phrases

When using pass-phrases as passwords, we recommend that you consider the following:

  • Don't Share Them
  • Change Them Often
  • Be Creative: