ITS periodically conducts an audit of all UMICH passwords for those that are weak. Weak passwords can be exploited by malicious attackers who seek access to university networks and data.
The automated test identifies uniqnames with UMICH passwords that do not meet the university's current password strength requirements. Most people at U-M have strong passwords because of the password strength checker that is now built in to the U-M Change UMICH Password page. People with weak passwords are asked to use that page to select a stronger password.
ITS provides lists of the uniqnames of members of the university community who have weak passwords to security unit liaisons. Those unit liaisons may then contact the people in their units and ask them to change their password to something stronger. If your unit's security liaison asks you to select a stronger UMICH password, please do so.
ITS contacts those with weak passwords not covered by a security unit liaison and provides them with instructions for choosing a secure password.
University of Michigan staff will never ask you to confirm your identity, provide your UMICH password, or provide confidential or personal information in email. They may ask you to change it yourself to make it stronger.