Your Directory ID and password are used daily to perform necessary tasks at the university. Not only do they give you access to your e-mail, electronic timesheet, and UMEG, but they also allow you to access and update sensitive information in the University Directory, ARES, and other systems. It is important to establish and abide by good practices in managing IDs and passwords in order to protect your personal information. Several changes are being implemented to assist in this effort.

Two new introductions arrive this semester. The first is a requirement for stronger passwords. When resetting or creating a new Directory password, there are several rules that must be met:

• Passwords must be at least eight characters long.
• Passwords must include characters from at least three of the following categories: uppercase letters, lowercase letters, numbers, special characters.
• Passwords may not contain spaces.
• Passwords may not be more than 32 characters long.

You will not be able to choose a password that does not meet these guidelines.

The second new introduction is a self-service process that allows you to change your own password, even if you have forgotten your old one. In order to take advantage of this system, you will have to first log into the University Directory, and then select and answer several security questions. Your answers will be saved. If you forget your password in the future, you can answer the security questions you chose and provide some other identifying information (such as your university telephone number), thus proving your identity. Then you can select a new password. This system will make it more convenient for you to change your Directory password, as your opportunity to make these changes will not be limited to Help Desk service hours. To set up your security questions, go to www.directory.umd.edu and click on Set or Change Your University Directory Password Security Questions.

Other changes that will take place in the near future include mandatory password changes every 90 days and automatic account lockouts for repeated failed login attempts. The implementation of these changes is still being planned, and they may cause some temporary inconvenience, but we must all do our part to improve system security and protect our own and our fellow university community members’ sensitive information.