The UMICH Password Hub is the mechanism used to synchronize passwords among U-M systems to minimize the number of user IDs and passwords you need to keep track of.
Seamless Integration and Synchronization
ITS uses MCommunity as the secure UMICH Password Hub to provide seamless integration with several different systems used for logging in to university computing services. UMICH (Level-1) passwords are synchronized to
- Kerberos. U-M's Kerberos implementation is the authoritative source for UMICH passwords. Kerberos underlies Cosign, which is used when you log in to websites through the U-M Weblogin page on the web.
- U-M Google Apps for logging in to U-M Google.
- Active Directory (UMROOT) for logging in to MWireless, MiWorkspace computers, and other services that use Active Directory for login, including department and lab computers at UM-Dearborn.
- Flint Active Directory for LAN accounts on the UM-Flint campus. These means that for people on the UM-Flint campus, their UMICH password and their LAN password are the same.
Password Management Remains Local to U-M
By using the UMICH Password Hub in MCommunity, management of password changes and resets is kept within the university so that appropriate security can be assured. Members of the U-M community use the U-M Change Password page within UMICH Account Management when they wish to change their UMICH password. (See also Choosing and Changing a Secure UMICH Password.)
Password changes are not allowed in the systems that use passwords synchronized from the UMICH Password Hub. For example, users of U-M Google cannot change their password from within U-M Google. This capability has been turned off. U-M users must use a U-M system for changing their UMICH password.
Reduced Risk and Complexity for Users
By enabling the use of the UMICH password for cloud-based and other new services, vulnerability to phishing and other social engineering attempts at password theft is reduced. In addition to being difficult for users to keep track of, multiple passwords can create confusion that puts people at risk for such attacks.
Encrypted and Secure
UMICH passwords are stored in encrypted form in the MCommunity Identity Vault. It's called a vault for a reason. It is protected, secure space.
MCommunity has the ability to further encrypt passwords according to the specifications required by systems such as Google, Microsoft Active Directory, and others used for services provided to the university. MCommunity sends encrypted passwords to other systems only over a secure connection. ITS Information and Infrastructure Assurance has reviewed the encryption and transfer processes and finds them trustworthy and secure.
About IT Policy
For U-M's information technology policies, including those concerning security and privacy, see General Information Technology Policies.