Students

In 2014 alone, more than 200 million personal records have been stolen or accessed through online data breaches.

State of Colorado – 18,800 employee records stolen
University of South Carolina – 6300 student records leaked
University of Maryland – 309,000 records stolen
Maricopa Community College – 2.4 million records stolen
Indiana University – 146,000 student records stolen
Target – 110 million credit card numbers, 140 million personal records stolen

As insecure as passwords generally are, they’re not going away anytime soon. Every year you have more and more passwords to deal with, and every year they get easier and easier to break. SVA Administrative and Network Services urges all College community members to follow the guidelines below when creating their MySVA password.

PASSWORD COMPLEXITY

Strong passwords are required for all SVA-issued accounts. All passwords, including initial/temporary passwords, should be a minimum length of eight characters and include at least three of the following characteristics (using all four is encouraged):

• At least one numeric character (0-9)
• At least one lowercase letter (a-z)
• At least one uppercase letter (A-Z)
• At least one non-alphanumeric character (~, !, @, #, $, %, ^, &, *, (, ), -, =, +, ?, [, ], {, })

STRONG PASSWORDS

When constructing a password, remembering these guidelines can increase its strength:

• Do not use words in any language that are slang, dialect, jargon, etc.
• Do not use personal information such as names (relatives, pets, etc.), or dates such as birthdays or anniversaries.
• Do not use words, phrases, or acronyms associated with the College (e.g., “sva” or “VASA”)
• Do not use computer terms, commands, sites, or software applications (e.g., “portal,” “mobile,” “web,” “mail,” “email,” “mysva”)
• Do not use word or number patterns (e.g., “aaabbb,” “qwerty,” “zyxwvuts,” “123321,″ “abc123,″ etc.)
• Do not increment previous passwords by prepending/appending additional characters (“password1″, “1password”, etc.)

PASSWORD CHANGE FREQUENCY

Regularly changing passwords is a sound security principle that adds to the overall security of SVA’s IT resources and systems. Depending on the classification of information, particular passwords should be set to expire at regular intervals. Passwords for newly activated accounts must be changed on first use.

PROTECTION OF PASSWORDS

All passwords must comply with the following:

• Default passwords must be changed to conform to this best practice prior to deployment of all software applications, systems and other IT devices on the SVA network.
• System administrators must validate the identity of the user prior to performing a password reset on the user’s account.
• Users must never share or reveal passwords with or to anyone (e.g., supervisor, a spouse, child, or secretary). Shared accounts are thus prohibited.
• Passwords must not be displayed, stored, or transmitted in plain text (e.g., authentication requests, unencrypted protocols, batch files, automatic log-in scripts, software macros, terminal function keys, devices without access control).
• Passwords must not be stored in any location where unauthorized individuals might discover or obtain them.
• If a user suspects their account has been compromised, the password on that account or system and all other accounts or systems using that same password must be changed immediately.

Other “Do Not’s” include:

• Do not reveal a password to ANYONE
• Do not reveal a password in an email message
• Do not talk about a password in front of others
• Do not hint at the format of a password (e.g., “my family name”)
• Do not reveal a password on questionnaires or security forms
• Do not share a password with family members
• Do not reveal a password to co-workers while on vacation
• Do not write down your password and store it in plain view or in any other insecure location
• Do not store passwords in a file on ANY computer system without encrypting the file

As a general rule, there are no legitimate reasons that a password should be revealed by any method to any person. The only notable exception to this rule is a situation where a user is being assisted in person by a known and trusted SVA IT support technician. After assistance has been rendered, the user should immediately change the shared password. Social engineering attacks generally rely on a user’s trust of IT support personnel to obtain passwords.Do you think your password is strong enough? How long would it take a hacker to crack your password?

The School of Visual Arts is committed to the safety and security of all members of the College community. In accordance with the federal Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act of 1998, the SVA Annual Security Report and Fire Safety Report for this year are now available. These reports contain statistics and institutional policies concerning fire safety, as well as information on campus security issues such as sexual assault and other matters.

Copies of both reports can be found on sva.edu.

If you have questions regarding this information, please contact SVA Institutional Research at 212.592.2829.

Jerold L. Davis

Director of Institutional Research

Squarespace—a website building and hosting company that provides user-friendly templates, free custom domain names, automatic formatting for mobile devices, round-the-clock support, and more—is offering all SVA students a 50% discount on their first year of service.  To take advantage of this offer, go to http://squarespace.com/sva and sign up for an account using your SVA email address.

To receive Term Honors, a student must be a matriculated undergraduate student who has completed 12 credits of coursework, without any grades of incomplete, and whose semester grade point average is within the top 20% of all students in their major department. Students whose semester grade point average is within the top 5% of all students in their major department will receive High Term Honors.