UC Username & Password
Securely log into online accounts, services, and tools with your UC Username and UC Password.
Password Self Service
Set up your Password Self Service profile. Password Self Service (PSS) allows you to reset your password without calling the IT@UC Service Desk.
Two-Factor Authentication (DUO)
In addition to your password, UC requires an additional layer of security with Two-Factor Authentication (Duo) when you log into almost all technology services.
Login and Password Requirements
To help protect your information, we require that you always create a strong password. UC passwords must contain:
- At least one lowercase letter
- At least one uppercase letter
- At least one number
- Must be a minimum length of eight characters
Passwords may not contain any form or part of your name or your username. The system also remembers passwords you have already used and will not allow you to reuse an old password.
General Password Selection Guidelines
Choose a password that will be easy for you to remember. To ensure a secure password without any doubts that it could be hacked, try picking all the first or last letters from each word and then substitute some letters with numbers and symbols. You can then apply a capital to some letters (the first and last, or second to last, etc.) You could also keep or add punctuation, all optional of course.
|"So long and thanks for all the fish"||slatfatf||5L@tf@tf|
|"Best Series Ever: Terry Goodkind's Sword of Truth"||bsetgsot||B53:tg'Sot|
|"You Can't Have Everything. Where Would You Put It?"||ychewwypi||Uch3Wwup1?|
If you are selecting a password for a website, you may want to incorporate the first few letters of the website name into your password so that every password is different and if one gets out, you do not have to change them all. This approach has good points, but also some bad points too. If you also have a standard password such as B53:tg’Sot (see table above) that you like to use on on other websites, you may want to add slight modifications to your password by switching the first and last letter of the website around it.
You may not want to choose:
- Your name in any form—first, middle, last, maiden, spelled backwards, nickname, or initials.
- ID number.
- Your User ID or name.
- The name of a close relative, friend, or pet.
- Your phone or office number, address, birthday, or anniversary.
- Acronyms, geographical or product names, and technical terms.
- Any all-numeral passwords, e.g., your license plate number, or social-security number.
- Names from popular culture.
- A single word either preceded or followed by a digit, a punctuation mark, up arrow, or space.
- Words or phrases with all the vowels or white spaces deleted.
- Words or phrases that do not mix upper and lower case, or do not mix letters or numbers, or do not mix letters and punctuation.
- Any word that exactly matches a word in a dictionary, forward, reversed, or pluralized, with some or all the letters capitalized, or with any of the following substitutions: -a -> 2, a -> 4, e -> 3, h -> 4, i -> 1, l -> 1, o -> 0, s -> $, s -> 5, z -> 5
Why do I need a complex Password?
When trying to crack a password, there are various methods that can try millions of word variants per second. So, the more complex your password is with a combination of letters and special characters, the more secure your account will be.
Notifications of Expiration
Passwords at UC expire on a periodic basis. Some applications do not inform you ahead of time when your password is going to expire, and you only find out when it asks you to select a new one.This can be inconvenient and difficult when having to produce a new password suddenly.
Luckly, IT@UC has created a system to notify you in advance that your password is about to expire. These notifications will be sent to you via email.
Phishing attempts do arise from time to time, so we recommend that you familiarize yourself with how the real password expiration emails look like and their security features.
For example: If an email regarding passwords begins with, "Dear User," asks you to send a password, provides a clickable link, or tries to send you to a site not inside of www.uc.edu, then it is in fact a phishing attempt.