Communicating Passwords Securely to Sponsored People

How to communicate a UMICH (Level-1) password that you have set or reset in the MCommunity Sponsor System to a sponsored person or requester securely to ensure that only the intended recipient has access to the password.

Giving a Password to an Individual

When you sponsor an individual or reset their password in the MCommunity Sponsor System, you will see the assigned temporary password on your computer screen. Give the password to the sponsored person securely:

  • Tell it to them in person. Do it verbally or hand them a piece of paper with the password on it. Do not write it down anywhere else.

  • Tell it to them verbally over the phone. Be sure you are speaking to the right person. Do not leave the password in voicemail that someone other than the sponsored person might be able to access.

Do not send a password via email. Email is not secure enough for sending passwords.

Inform the sponsored person that the initial or reset password is intended to be temporary. The sponsored person should visit UMICH Account Management: Change Password as soon as possible to change the password to something private that he or she can remember.

Giving Passwords to Multiple People

If you sponsor multiple people at once by uploading a file, such as a group of conference participants, you will see a list of uniqnames and passwords on your computer screen at the end of the sponsorship creation process. You may need to give this list to a requester, such as a conference organizer or some other person at the university who will convey the passwords to the sponsored individuals. Provide the list of passwords using either a paper copy of the list or secure electronic storage.

Using a Paper List of Passwords

  • Hand the paper copy of the list to the person who will distribute the passwords to the sponsored individuals (most likely the requester).

  • Ask them to communicate the passwords securely, doing so in person and not sending them via email.

  • Do not leave the paper list on a printer or elsewhere where anyone else could see it. Delete the file from your computer as soon as you no longer need it.

  • Once the passwords have been distributed, shred any copies of the paper list.

Sharing the List of Passwords Using Secure Online Storage

  • Upload the list to a secure location that only you and the requester can access. Use secure departmental file space or Box at U-M (see instructions below) to securely transfer the file.

  • Do not send the file via email as an attachment.

Communicating a Password List with U-M Box

These directions explain how to securely share a password list using the Box web interface. If you choose to share a password list using the Box app on your phone or mobile device, you must still use the settings outlined below to ensure that passwords are shared securely. U-M faculty, staff, students, and sponsored affiliates receive U-M Box accounts when they get their uniqname.

  1. Create a new U-M Box folder for the password file.

  2. In the Create New Folder box that appears when you create your folder, click the Keep private for now radio button. Then click Okay.

  3. To the right of your new folder's name, next to the Share link, click the button with three dots on it to activate a pop-up menu.

  4. From that pop-up menu, select Properties, then Folder Settings.

  5. Scroll down further to the Automated Actions section.

    1. Check the Auto-delete this folder on a selected date checkbox, and enter a date for the folder to be deleted. Choose a date that allows the list recipient enough time to get the list. You might allow an extra week or two, but do not leave the password file available for an extended period of time.

    2. Scroll back to the top of the page, and, in the upper right corner, click the Save Changes button.

  6. Invite collaborators by clicking on the Invite People button in the right hand column of the U-M Box window.

  7. In the Invite to <your folder> window that pops up:

    1. In the Invite box, enter the email address (usually in the form of of the person to whom you are providing the passwords.

    2. In the Invited Permission drop down box, select Previewer.

    3. In the Personal Message (Optional), add a note to this effect:

      This folder will be used for sharing a file of passwords for sponsored people. Watch for another email when the file is available.

    4. Then click Send Invites.

  8. If you are not already inside your new folder, find it in your folder list and click it to open it. Upload the password file to the secure folder by clicking the Upload button, then Files, and choosing the file you need to upload. The recipient will receive a notice that you have added a file to the shared folder.

  9. Share the file by clicking the Share link to the far right of the file name. In the Shared Link for <your file name> dialog box:

    1. In the Email Address box, type the email address (usually in the form of of the person to whom you are providing the password list.

    2. In the Message box, type a message that lets the recipient know how long the password file will be available. Ask them to convey the passwords to the intended recipients securely and ensure that no one else has access to them. We have provided some text below that you can copy and paste into your message if desired.

      <Recipient Name>: You can use this link to access the requested login and password information I have shared with you. Please be aware that the file will automatically be removed on <Date of Expiration>. You are responsible for keeping the information provided secure. Please make sure to give this information only to those who need it, and please make sure to securely destroy/delete any copies of this information.

    3. Click Send.

Tip to Share with Password Recipients

Last Updated: 
Monday, December 11, 2017