DIGITAL SELF DEFENSE:
how to create a
secure passphrase
Passphrase - the next generaon in passwords!
0
1
0
1
0
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1
1
0
0
1
0
0
1
0
1
0
1
the easiest solution:
use a password safe
Password safes save your passphrases or passwords
securely, allowing you to save informaon on your
personal computer without giving away private
informaon inadvertently. They can also generate
random passphrases for each of your accounts.
These password safes store all of your passphrases in
a single account, which has a master passphrase you
need to remember. Password safes allow you to use
truly random combinaons in all other passphrases,
making them more dicult for malicious users or
bots to crack. Two examples of these services are
LastPass and Password Gorilla.
when to change your
passphrase
Passphrases should be changed:
• Whenever a malicious program such as a virus
is detected or a machine is compromised
• Whenever leaving a job or starng a new one
• From any default passphrases
• If they are shared with anyone at any me
get informed
Visit the UBIT website to read the security standards,
access security tools and soware, or nd out more
ways to protect yourself.
UB INFORMATION SECURITY OFFICE
www.bualo.edu/ubit/security
sec-oce@bualo.edu
(716) 645-6997
01
01
0
0
1
0
1
0
0
1
0
0
1
0
1
0
If you have forgoen your
passphrase or believe it has been
compromised, contact the
UBIT Help Center:
716-645-3542
Email: ubithelp@bualo.edu
Content used with permission from Rochester Instute
of Technology. Updated 8/1/17.
10
10
0
1
10
01
0
1
0
1
0
0
1
0
1
0
0
1
0
1
0
0
1
0
1
0
1
0
0
1
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
0
1
0
0
0
1
0
1
0
1
0
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
00
10
1
01
0
0
10
100
1
0
1
0
1
0
1
protect your passphrase
There are several dierent ways someone can acquire
your passphrase:
• Cracking: Password cracking programs are
designed to guess the most common passphrases
rst. Most current programs can make over one
million crack aempts per second.
• Malware: Password stealers and keyloggers are
oen packaged with viruses and spyware. Always
run up-to-date an-virus.
• Social Engineering: Never give away your
passphrase to anyone, even someone claiming to
work for a help desk.
• Phishing: Universies and companies will never ask
you to conrm your passphrase through email, so
don’t click on links in an email asking you to do so.
Type the URL into a Web browser manually.
why use a secure
passphrase?
If someone cracks your passphrase, they can:
• Obtain your personal informaon, which can lead
to identy the
• Gain access to your email account to read and send
email
• Access MyUB, HUB Student Center or other
services
• Access condenal UB informaon on the
university’s network
• Gain informaon about your registered
computers at UB and register their
own on your UB account.
what is a secure
passphrase?
A secure passphrase is the next generaon
in passwords. It uses a short phrase instead of
a single word, making it more dicult for someone
else to guess or use.
It should be virtually impossible for others to guess,
and not contain or be based on personal
informaon. Passphrases should never be wrien
down or given to anyone else.
what should I avoid?
There are many ways people try to make their
passphrases easier to remember. Password cracking
programs look for the most common passwords rst.
Passphrases should NOT:
• Contain your UBITName
• Be the same as other passphrases you are
currently using (including non-UB services)
• Be a single word, forward or backward, from an
English or foreign diconary
• Contain more than three sequenal characters
on a keyboard (ex: qwerty or 1234)
• Contain more than two consecuve repeang
characters (bbbb2bbb)
• Be all numbers such as birth or anniversary
dates (ex: 011551)
• Be shared with anyone for any reason
how do I create an easy
to remember
passphrase?
Here are three simple ways to construct a secure,
easy to remember passphrase:
1. Create a passphrase by taking a short phrase and:
• Change the capitalizaon of some of the leers
• Replace some of the leers with numerical and
symbolic substuons ($ for S, 8 for B)
• Misspell or abbreviate some words
(E.g., the phrase “iced tea is great for summer”
becomes “!cedTisgr84$umm3R”.)
2. Choose several shorter words and add some
numbers in the center, then change the
capitalizaon and substute symbols for leers.
(E.g., the phrase “book 451 Bradbury” becomes
“bO()K451BR^Dbury”.)
3. Choose a memorable quote or phrase and use
only the rst leer from each word. Vary the
capitalizaon.
Also include numbers and symbols, either as
substuons for leers or as a replacement for a
full word. (E.g., Wayne Gretzky’s “You will always
miss 100 percent of the shots that you never take”
becomes “ywAM100%ot$tyN+”.)
Requirements for passphrases can be found at:
hp://www.bualo.edu/ubit/password-safety
HINT: You can also use a password safe, a program that
generates and stores random, secure passwords.
www.buffalo.edu/ubit/security
