Why use a secure passphrase?

A passphrase is like a password but longer, more secure and easier for you to memorize. A passphrase is a sentence and includes capitalization, spaces and punctuation. For example, the passphrase “Triangles are classified according to angles and sides.” contains:

  • A capital letter (T)
  • Special characters (period at the end of the sentence and spaces between the words)
  • 57 total characters
  • No personal information

Passphrases are more secure than passwords because they are longer and can be easier to remember. This reduces the probability of having to write down a passphrase.

In contrast, a password is usually one or two words and special characters or numbers. While passwords can be secure, they are shorter than passphrases and are harder to remember. This may increase the chance of having to write down a password.

How do hackers get my information?

Cracking: Cracking programs automatically guess common or simple passwords/passphrases and can make over one million crack attempts per second.

Malware: Viruses and spyware often contain passwords/passphrase stealers or keyloggers.

Non-Washburn Services: Never use your Washburn ID or email address and Washburn password/passphrase as credentials on a non-Washburn IT service. If that service is compromised, then your Washburn credentials are at risk.

Phishing: This is a fraudulent email, text message, or phone call designed to fool you into giving out your personally identifiable information. The messages appear to come from a trusted sender. Remember that UB never asks you to confirm a password or passphrase through email, so don't click on links. If you suspect you have received a phishing attempt email, please contact the report it using the Phish Alert button.

Shoulder Surfing: This happens when someone spies on you in order to learn your Washburn and passphrase so they can use your credentials.

Social Engineering: This happens when someone tricks you into breaking or ignoring security procedures.

Unsecure passwords/passphrases are risky

If someone has your Washburn email and password or passphrase, they could:

  • Find your personal information
  • Access Washburn services like MyWashburn, D2L, and others
  • Log into your Office 365 account and send or receive emails on your behalf
  • Access confidential information on the university's network
  • Learn about computing devices you have registered on the Washburn network and register their own device using your account

If you are a student and someone has your Washburn email and password/passphrase, they could:

  • Drop/add your classes
  • Change the account to which student refunds are disbursed
  • Accept/decline financial aid

If you are a faculty member and someone has your Washburn email and password/passphrase, they could:

  • Submit grades on your behalf
  • Log into your Office 365 account and send or receive emails on your behalf
  • Change your direct deposit account information
  • View your payroll information and W2 form
  • Access systems, information, or transactions that you are authorized to view or use

If you are a staff member and someone has your Washburn email and password/passphrase, they could:

  • Log into your Office 365 account and send or receive emails on your behalf
  • Change your direct deposit account information
  • View your payroll information and W2 form
  • Access systems, information or transactions that you are authorized to view or use

Cracking programs search for common passwords first. Therefore, passwords or passphrases should not:

  • Contain or be a variation of your name
  • Be the same as other passwords or passphrases you are currently using (including non-Washburn services)
  • Be a single word, forward or backward, from an English or foreign dictionary
  • Contain more than three sequential characters on a keyboard (ex: qwerty or 1234)
  • Contain more than two consecutive repeating characters (ex: aaaa1bb)
  • Be all numbers such as birth or anniversary dates (ex: 091785)
  • Have more than five (5) consecutive repetitions of the same character (aaaaa)
  • Be shared with anyone for any reason, including Washburn faculty, staff, or students
  • Do not reveal a passphrase over the phone
  • Do not send a passphrase in an email
  • Do not reveal a passphrase to your supervisor, manager, or co-workers
  • Do not talk about a passphrase in front of others
  • Be aware of phishing scams that attempt to get you to reveal your passphrase or other personal information
  • Do not use "Remember Password" application or website features
  • Use unique passphrases for each site or service
  • Use a password manager or service like Bitwarden, KeePass, or Dashlane
Change your Washburn password or passphrase by using the Washburn password portal. See step-by-step instructions for changing your Washburn password or passphrase.

GET IN TOUCH WITH ITS

Email the Technology Support Center
Email ITS Support

Call us for technical assistance
785.670.3000

Visit the Help Desk
Located in Bennett, Room 104

back to top button