What password(s) do I use when logging in with my uniqname?
Nearly everyone who uses the Internet has passwords; whether for instant messaging, social networking, managing finances, or a myriad other cases where authentication is necessary. As a member of the University of Michigan College of Engineering, you have at least two passwords. This page provides a brief explanation of these two passwords, why there are multiple passwords, and how the passwords should be used.
Protecting Your Password is Important
U-M computing account holders are frequently targeted by malicious intruders ( hackers) in an attempt to obtain their passwords. Once an account has been compromised, a hacker can use it for any number of destructive or illegal purposes. Furthermore, when a hacker uses your account to conduct their devious deeds, they are essentially doing it under an assumed name: Yours!
Selecting a good password can help ensure that hackers will be unsuccessful in their attempts. Remember to change your passwords at least once every term (if not more often). If you have questions about changing your password, or if you are unable to change your password successfully, visit the CAEN Hotline.
By virtue of having a University of Michigan uniqname, all U-M computing account holders are issued two passwords: a password for the UMICH.EDU Kerberos realm and a password for U-M Windows Active Directory in the UMROOT domain, both of which are managed centrally by ITS. While technically separate passwords, ITS has implemented a system to "sync" them into a single UMICH password.
Kerberos is an authentication method developed by MIT in the late 1980s that enables someone to prove their identity to a computing service in a secure way, protected from eavesdropping. Your UMICH.EDU Kerberos password is used for authentication to ITS and CAEN services, and once provided successfully, authorizes you to use IFS file storage, email, and many other campus computing resources available to the University of Michigan community.
U-M Windows Active Directory (UMROOT)
Most U-M Windows computers utilize Windows Active Directory for authorization to services. Windows Active Directory is a system developed in the 1990s by the Microsoft corporation to manage users, computers, and access policies. Active Directory uses a "trust" system to grant access to the services it manages, and by authenticating with your uniqname and U-M Windows Active Directory password, you will be able to access the Windows services provided by CAEN. The U-M Windows Active Directory domain is called UMROOT.
|UMICH.EDU Kerberos||U-M Web Login Services|
U-M Google Accounts
ITS Login Server
ITS AFS Personal Storage
CAEN Linux Login Service
|U-M Windows Active Directory||CAEN Lab Computers|
CAEN Online File Storage
Syncing your Passwords
In order to log into Microsoft Windows on a CAEN computer, you must authenticate using your UMROOT password. Once logged in, you will gain access to software, your CAEN online file storage, and other Windows services automatically.
In most cases, your UMROOT password will be the same as the UMICH.EDU Kerberos password you use for other services, like Wolverine Access. In some cases, however, your passwords may be out of sync. For example, if you have trouble logging into Microsoft Windows on a CAEN computer, you should visit the ITS password page, below, to reset (or sync) your passwords:
If you have trouble changing your password, contact the ITS Service Center for assistance.
General Guidelines for Selecting a Password
Use these suggestions as a guide to selecting a good password - one that is not easily guessed:
- DO make your password at least nine characters in length -- the longer, the better.
- DO mix upper-case and lower-case letters.
- DO use at least one non-alphabetic (e.g. 0-9, %, ^) character.
- DO change your password often!
- DO NOT tell anyone your password!
- DO NOT write your password down...memorize it!
- DO NOT make your password a word contained in any dictionary, in any language.
- DO NOT use personal information that could be easily guessed, for example: Mother's maiden name, Social security number, Phone number, Address, Birthdays, First or Last Name, etc.
- DO NOT use your U-M passwords for non-University Internet services like online shopping or third-party email accounts. It is recommended to have a different password for each of your online accounts.