It’s 2022. Let’s leave reusing passwords in the past 

March 3, 2022

The third month of the year is typically when “New Year” habits begin to fade away. But beware, not reusing passwords needs to remain a habit all year long.

In addition to phishing, reusing passwords across multiple websites and apps is one of the most common ways to potentially expose yourself — and the institution — to cyber threats. 

Understanding U-M’s two different levels of passwords (Level-1 and Level-2), along with the General Guidelines for Creating a Secure Password*, is imperative to ensuring we work together to protect our patients, workforce, and institutional information.

*Even though these guidelines refer to Level-1 passwords, following them across other professional and personal accounts is highly recommended.  

Let’s take a look at password safety: 

  • Passwords are your first line of defense

Passwords are your first line of defense against any unauthorized access to your IT systems. Thus, the amount of effort it takes to generate unique passwords — whether you use a password manager or create it the old-fashioned way — is worth it in the long run.

  • There are many dangers of password reuse

Multiple accounts compromised: If the reused password is compromised, it makes it easier for threat actors to hack into your other accounts.

Puts your corporate accounts at risk: If your personal account is involved in a data breach, chances are your corporate accounts will also be at risk if you recycled the same password. You are jeopardizing not only your own security but also the security of your organization.

  • Best practices for passwords  

Use strong, unique passwords

Using the same (or the same few) password(s) everywhere endangers all your user accounts when your password gets compromised. Cybercriminals are well aware that most people reuse their passwords. When they successfully steal one, they will try it on many user accounts. When you use unique passwords, a stolen password can’t be used to access your other accounts.

Use two-factor authentication

Two-factor authentication is a second barrier in addition to your password that protects your user account. It makes it a lot harder for criminals to use stolen user credentials. Two-factor authentication is required on some U-M resources, but you should also enable this feature on personal accounts whenever possible.

Use a password manager

Michigan Medicine recommends the use of a password manager, an application that can store unique login credentials to many different websites, services, etc., in one location, under one primary password.

For more information, please visit the Safe Computing website.