Purpose
This article guides you through creating a strong, secure password (or passphrase) for your UM account that meets the University of Montana’s required standard. A well-constructed and unique password helps protect your personal information, your work, and the University’s systems.
Why it matters
-
University systems hold data including Personally Identifiable Information (PII), Personal Health Information (PHI), and other sensitive material. By choosing a strong password, you help prevent unauthorized access.
-
Weak, reused or guessable passwords are one of the most frequent vulnerabilities exploited by attackers.
-
The UM Account Security Standard sets minimum requirements to reduce risk; and industry guidance from NIST and Stay Safe Online emphasise length, uniqueness, and avoiding reuse.
Guidelines
1. Use Strong Passphrases
-
Length matters. Your passphrase should be at least 13 characters.
-
Keep each one unique. Never reuse your UM passphrases across multiple UM accounts, or between UM and personal accounts.
-
Make them memorable. Memorable but not guessable.
-
Use a password manager. A password manager can help create and manage strong, unique passphrases for all accounts.
-
Only you should know your password. If you suspect your passphrase has been compromised, reset it immediately and report the incident via email to infosec@umontana.edu.
2. Protect with Multi-Factor Authentication (MFA)
UM currently uses Duo as the primary MFA solution for user accounts. With Duo, you can choose between:
Tips for using Duo safely:
-
Always approve only the requests you initiated. If you receive an unexpected push or call, deny it — this may be an attack attempt.
-
Avoid MFA fatigue. Don’t approve repeated requests if you’re not logging in yourself.
3. Account Safety at UM
-
Think before you click. Be cautious with email links and attachments.
-
Keep an eye on Duo. Never approve a login you didn’t initiate.
-
Report issues quickly. If anything seems unusual with any of your UM accounts, contact UM IT for help.