protect your passphrase
There are several different ways someone can acquire
your passphrase:
• Cracking: Password cracking programs are
designed to guess the most common passphrases
first. Most current programs can make over one
million crack attempts per second.
• Malware: Password stealers and keyloggers are
often packaged with viruses and spyware. Always
run up-to-date anti-virus.
• Social Engineering: Never give away your
passphrase to anyone, even someone claiming to
work for a help desk.
• Phishing: Universities and companies will never ask
you to confirm your passphrase through email, so
don’t click on links in an email asking you to do so.
Type the URL into a Web browser manually.
why use a secure passphrase?
If someone cracks your passphrase, they can:
• Obtain your personal information, which can lead
to identity theft
• Gain access to your email account to read and send
email
• Access MyUB, HUB Student Center or other
services
• Access confidential UB information on the
university’s network
• Gain information about your registered
computers at UB and register their
own on your UB account.
what is a secure passphrase?
A secure passphrase is the next generation
in passwords. It uses a short phrase instead of
a single word, making it more difficult for someone
else to guess or use.
It should be virtually impossible for others to guess,
and not contain or be based on personal
information. Passphrases should never be written
down or given to anyone else.
what should I avoid?
There are many ways people try to make their
passphrases easier to remember. Password cracking
programs look for the most common passwords first.
Passphrases should NOT:
• Contain your UBITName
• Be the same as other passphrases you are
currently using (including non-UB services)
• Be a single word, forward or backward, from an
English or foreign dictionary
• Contain more than three sequential characters
on a keyboard (ex: qwerty or 1234)
• Contain more than two consecutive repeating
characters (bbbb2bbb)
• Be all numbers such as birth or anniversary
dates (ex: 011551)
• Be shared with anyone for any reason
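The rules in this list that a program can test, written as a checker. This is an added example, not code from UB or from the original brochure; the function names, the US QWERTY keyboard rows, the small word list and the username "jdoe" are assumptions made for illustration.

```python
import re

# Keyboard rows for the "sequential characters" rule (US QWERTY layout assumed).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"summer", "password", "buffalo", "dragon"}


def has_keyboard_run(text, run_len=4):
    """True if text holds run_len adjacent keys from one row, in either direction."""
    lowered = text.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in lowered:
                    return True
    return False


def check_passphrase(passphrase, username, words=SAMPLE_WORDS):
    """Return the list of rules the passphrase breaks (empty list means none)."""
    problems = []
    lowered = passphrase.lower()
    if username and username.lower() in lowered:
        problems.append("contains username")
    # Single dictionary word, forward or backward.
    if lowered in words or lowered[::-1] in words:
        problems.append("single dictionary word")
    # "More than three sequential characters" means a run of four or more.
    if has_keyboard_run(passphrase):
        problems.append("keyboard sequence")
    # "More than two consecutive repeating characters" means three or more in a row.
    if re.search(r"(.)\1\1", passphrase):
        problems.append("repeated characters")
    if passphrase.isdigit():
        problems.append("all numbers")
    return problems


if __name__ == "__main__":
    # Constructed inputs; "jdoe" is a made-up username.
    for candidate in ("!cedTisgr84$umm3R", "qwerty99", "bbbb2bbb", "011551", "remmus"):
        print(candidate, "->", check_passphrase(candidate, "jdoe") or "ok")
```

Reuse across services and sharing with other people cannot be tested by a checker like this and remain the user's responsibility.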
how do I create an easy to remember passphrase?
Here are three simple ways to construct a secure,
easy to remember passphrase:
1. Create a passphrase by taking a short phrase and:
• Change the capitalization of some of the letters
• Replace some of the letters with numerical and
symbolic substitutions ($ for S, 8 for B)
• Misspell or abbreviate some words
(E.g., the phrase “iced tea is great for summer”
becomes “!cedTisgr84$umm3R”.)
2. Choose several shorter words and add some
numbers in the center, then change the
capitalization and substitute symbols for letters.
(E.g., the phrase “book 451 Bradbury” becomes
“bO()K451BR^Dbury”.)
3. Choose a memorable quote or phrase and use
only the first letter from each word. Vary the
capitalization.
Also include numbers and symbols, either as
substitutions for letters or as a replacement for a
full word. (E.g., Wayne Gretzky’s “You will always
miss 100 percent of the shots that you never take”
becomes “ywAM100%ot$tyN+”.)
Requirements for passphrases can be found at:
http://www.buffalo.edu/ubit/password-safety
HINT: You can also use a password safe, a program that
generates and stores random, secure passwords.
www.buffalo.edu/ubit/security