Creating a Secure UBITName Password or Passphrase

Protect yourself from identity theft.

Operating System: All

Applies To: UB students, faculty, staff, alumni, retirees and volunteers

Last Updated: March 12, 2019

Why use a secure passphrase?

A passphrase is like a password but longer, more secure and easier for you to memorize. A passphrase is a sentence and includes capitalization, spaces, punctuation and at least 1 number. For example, the passphrase “Sunshine on my sh0ulders.” meets the UB requirements below:

  • A capital letter (S)
  • At least 1 number (0)
  • Special characters (period at the end of the sentence and spaces between the words)
  • No more than 32 characters
  • No personal information

Passphrases are more secure than passwords because they are longer and can be easier to remember. This reduces the probability of having to write down a passphrase.

In contrast, a password is usually one or two words with special characters and numbers. While passwords can be secure, they are shorter than passphrases and are harder to remember. This may increase the chance of having to write down a password.

How do attackers get my information?

Cracking: Cracking programs automatically guess common or simple passwords/passphrases and can make over one million crack attempts per second.

Malware: Viruses and spyware often contain passwords/passphrase stealers or keyloggers.

Non-UBIT Services: Never use your UBITName or email address and UBITName password/passphrase as credentials on a non-UB IT service. If that service is compromised, then your UB credentials are at risk.

Phishing: This is a fraudulent email, text message, or phone call designed to fool you into giving out your Personally Identifiable Information (PII). The messages appear to come from a trusted sender. Remember that UB never asks you to confirm a password or passphrase through email, so don't click on links. If you suspect you have received a phishing attempt email, please contact the UBIT Help Center.

Shoulder Surfing: This happens when someone spies on you in order to learn your UBITName and passphrase so they can use your credentials.

Social Engineering: This happens when someone tricks you into breaking or ignoring security procedures.

Unsecure UBITNames and passwords/passphrases are risky

If someone has your UBITName and password or passphrase, they could:

  • Find your personal information
  • Access UB services like MyUB, HUB Student Center, and others
  • Log into your UBmail and send or receive emails on your behalf
  • Access confidential information on the university's network
  • Learn about computing devices you have registered on the UB network and register their own device using your account

If you are a student and someone has your UBITName and password/passphrase, they could:

  • Drop/add your classes
  • Change the account to which student refunds are disbursed
  • Accept/decline financial aid

If you are a faculty member and someone has your UBITName and password/passphrase, they could:

  • Submit grades on your behalf
  • Log into your UBmail and send or receive emails on your behalf
  • Change your direct deposit account information
  • View your payroll information and W2 form
  • Access systems, information, or transactions that you are authorized to view or use

If you are a staff member and someone has your UBITName and password/passphrase, they could:

  • Log into your UBmail and send or receive emails on your behalf
  • Change your direct deposit account information
  • View your payroll information and W2 form
  • Access systems, information or transactions that you are authorized to view or use

What to avoid when creating a password or passphrase

Cracking programs search for common passwords first. Therefore, passwords or passphrases should not:

  • Contain or be a variation of your UBITName or name
  • Be the same as other passwords or passphrases you are currently using (including non-UB services)
  • Be a single word, forward or backward, from an English or foreign dictionary
  • Contain more than three sequential characters on a keyboard (ex: qwerty or 1234)
  • Contain more than two consecutive repeating characters (ex: aaaa1bb)
  • Have more than five (5) consecutive repetitions of the same character (aaaaa)
  • Be shared with anyone for any reason, including UB faculty, staff, or students

How do I make sure my password or passphrase is confidential?

  • Do not reveal a passphrase over the phone
  • Do not send a passphrase in an email
  • Do not reveal a passphrase to your supervisor, manager, or co-workers
  • Do not talk about a passphrase in front of others
  • Do not fall for phishing scams that attempt to get you to reveal your passphrase or other personal information
  • Do not use “Remember Password” application or website features

How do I change my UBITName password or passphrase?

Change your UBITName password or passphrase by using the UBITName Manager

See step-by-step instructions for changing your UBITName password or passphrase
Still need help?

Contact the UBIT Help Center.