Announcements
ATTN Students/Faculty/Staff: Protect Yourself and SVA By Creating Stronger Passwords
State of Colorado – 18,800 employee records stolen
University of South Carolina – 6300 student records leaked
University of Maryland – 309,000 records stolen
Maricopa Community College – 2.4 million records stolen
Indiana University – 146,000 student records stolen
Target – 110 million credit card numbers, 140 million personal records stolen
As insecure as passwords generally are, they’re not going away anytime soon. Every year you have more and more passwords to deal with, and every year they get easier and easier to break. SVA Administrative and Network Services urges all College community members to follow the guidelines below when creating their MySVA password.
PASSWORD COMPLEXITY
Strong passwords are required for all SVA-issued accounts. All passwords, including initial/temporary passwords, should be a minimum length of eight characters and include at least three of the following characteristics (using all four is encouraged):
• At least one numeric character (0-9)
• At least one lowercase letter (a-z)
• At least one uppercase letter (A-Z)
• At least one non-alphanumeric character (~, !, @, #, $, %, ^, &, *, (, ), -, =, +, ?, [, ], {, })
STRONG PASSWORDS
When constructing a password, remembering these guidelines can increase its strength:
• Do not use words in any language that are slang, dialect, jargon, etc.
• Do not use personal information such as names (relatives, pets, etc.), or dates such as birthdays or anniversaries.
• Do not use words, phrases, or acronyms associated with the College (e.g., “sva” or “VASA”)
• Do not use computer terms, commands, sites, or software applications (e.g., “portal,” “mobile,” “web,” “mail,” “email,” “mysva”)
• Do not use word or number patterns (e.g., “aaabbb,” “qwerty,” “zyxwvuts,” “123321,″ “abc123,″ etc.)
• Do not increment previous passwords by prepending/appending additional characters (“password1″, “1password”, etc.)
PASSWORD CHANGE FREQUENCY
Regularly changing passwords is a sound security principle that adds to the overall security of SVA’s IT resources and systems. Depending on the classification of information, particular passwords should be set to expire at regular intervals. Passwords for newly activated accounts must be changed on first use.
PROTECTION OF PASSWORDS
All passwords must comply with the following:
• Default passwords must be changed to conform to this best practice prior to deployment of all software applications, systems and other IT devices on the SVA network.
• System administrators must validate the identity of the user prior to performing a password reset on the user’s account.
• Users must never share or reveal passwords with or to anyone (e.g., supervisor, a spouse, child, or secretary). Shared accounts are thus prohibited.
• Passwords must not be displayed, stored, or transmitted in plain text (e.g., authentication requests, unencrypted protocols, batch files, automatic log-in scripts, software macros, terminal function keys, devices without access control).
• Passwords must not be stored in any location where unauthorized individuals might discover or obtain them.
• If a user suspects their account has been compromised, the password on that account or system and all other accounts or systems using that same password must be changed immediately.
Other “Do Not’s” include:
• Do not reveal a password to ANYONE
• Do not reveal a password in an email message
• Do not talk about a password in front of others
• Do not hint at the format of a password (e.g., “my family name”)
• Do not reveal a password on questionnaires or security forms
• Do not share a password with family members
• Do not reveal a password to co-workers while on vacation
• Do not write down your password and store it in plain view or in any other insecure location
• Do not store passwords in a file on ANY computer system without encrypting the file
As a general rule, there are no legitimate reasons that a password should be revealed by any method to any person. The only notable exception to this rule is a situation where a user is being assisted in person by a known and trusted SVA IT support technician. After assistance has been rendered, the user should immediately change the shared password. Social engineering attacks generally rely on a user’s trust of IT support personnel to obtain passwords.Do you think your password is strong enough? How long would it take a hacker to crack your password?
SVA Annual Security and Fire Safety Reports
Copies of both reports can be found on sva.edu.
If you have questions regarding this information, please contact SVA Institutional Research at 212.592.2829.
Jerold L. Davis
Director of Institutional Research
Students At-Risk Team (STAR)
Campus Safety
Emergency Incident Guides
Emergency Training Video
Campus Safety Essentials
Emergency Response Guidelines
Emergency Numbers Wallet Card
Safeguard Your Personal Property
The Office of Security Services is charged with maintaining a safe and secure environment at SVA. Its chief responsibilities include patrolling campus and staffing security desks; lending assistance and coordinating with first responders in emergencies; investigating reports made by students, faculty and staff; and collecting campus crime statistics for the US Department of Education. The office’s success depends heavily on cooperation from all those who it is asked to protect.
- Carry your SVA-issued wallet card with telephone numbers for security desks, and keep a copy at your desk. For a replacement card or to request one, contact proffice@sva.edu.
- Employees: Close and lock your office door and windows, whether you are going out for lunch or leaving for the day.
- If you find an open door or window in a public area, close it.
- Employees: Keep valuables under lock and key, especially if you do not have a locked office.
- Don’t leave personal belongings—wallets, backpacks, pocketbooks—unattended.
- Report all incidents and thefts to your building’s Security Desk.
- If you are reporting an incident after business hours, call the 24-hour Security Desk at 209 East 23 Street: 212.592.2001.
- To report a suspicious individual or activity, notify the nearest building’s Security Officer.
- If you find a backpack, package or gym bag, don’t move it. Notify the nearest Security Officer.
- When in doubt, trust your gut. If you see something that would make you uncomfortable or fearful at home or on the subway, it’s something to report to SVA Security.
Quick Links