Protect yourself from identity theft.
Operating System: All
Applies To: UB students, faculty, staff, alumni, retirees and volunteers
Last Updated: January 18, 2018
If someone has your password, they can:
- Find personal information
- Access MyUB, HUB Student Center or other services
- Log into your UBmail account
- Access confidential UB information on the university's network
- Gain information about your registered computers at UB and register their own on your UB account
There are several different ways someone can acquire your password:
- Cracking: Password cracking programs are designed to guess the most common passwords first. Most programs can make over one million crack attempts per second.
- Malware: Password stealers and keyloggers are often packaged with viruses and spyware.
- Phishing: UB will never ask you to confirm your password through email, so don't click on links in an email asking you to do so. If you suspect or are unsure if you have received a phishing attempt email, please contact the UBIT Help Center before clicking on any links with the email.
- Social Networking: Never give away your password to anyone, even someone claiming to work for the UBIT Help Center or other UB department.
The next generation in secure passwords is a passphrase. A passphrase uses a short phrase instead of a single word, making it more difficult for someone else to guess or use. It should be virtually impossible for others to guess, and not contain or be based on personal information.
There are many ways people try to make their passwords easier to remember. Password cracking programs look for the most common passwords first.
Passwords should NOT:
- Contain your UBITName
- Be the same as other passwords you are currently using (including non-UB services)
- Be a single word, forward or backward, from an English or foreign dictionary
- Contain more than three sequential characters on a keyboard (ex: qwerty or 1234)
- Contain more than two consecutive repeating characters (ex: aaaa1bb)
- Be all numbers such as birth or anniversary dates (ex: 091785)
- Be shared with anyone for any reason
There are three simple ways:
- Create a password by taking a short phrase and:
- Change the capitalization of some of the letters
- Replace some of the letters with numerical and symbolic substitutions (ex: $ for S, 3 for E)
- Misspell or abbreviate some words (ex: "go fight win ub bulls" becomes "G0f!gh+winu88u11$")
- Choose several shorter words and add some numbers in the center, than change the captialization and substitute symbols for letters (ex: "book 1159 Hamlet" becomes "b0()k1159H^ml3+").
- Choose a memorable quote or phrase and use only the first letter from each word (ex: "We will show the world what it means to be the University at Buffalo" becomes "WW$+ww!m+8tU^B").