Information Security

In simplest terms, Password Security is the process of choosing a difficult to guess password, then keeping it a secret. Since your password/s are the primary protection mechanism for your accounts, a poorly chosen (weak) password may result in compromise of personal user information and possibly confidential Virginia University of Lynchburg information. As such, all Virginia University of Lynchburg faculty, staff, and students (including visitors, contractors, and vendors with access to Virginia University of Lynchburg systems) are responsible for taking appropriate measures to select and secure their passwords.

Attackers can use programs to compromise easily guessed passwords. When an attacker has access to your accounts, then he/she may inherit access to your private information and/or confidential Virginia University of Lynchburg information. Because of this, the IT department has adopted more strenuous password complexity requirements. Your new password will make it more difficult for an attacker to compromise your accounts. Remember, your password can be super difficult to guess, but if you share it with anyone, you’ve already compromised your accounts. So choose a difficult to guess password, then keep it a secret.

At VUL, we now have a few new requirements to make sure that our users create what we call ‘Strong Passwords’. These are passwords that an imposter could not easily guess. Your new password must:

Be at least eight characters in length Include one number, one uppercase letter, and one lowercase letter (within the first eight characters) Must NOT include special characters (!@#$%%^&, etc.) Must NOT be a password used within the past 270 days

To create such a password, try to utilize phrases instead of words. In this way, you can control what your password is without having some random string of characters that is difficult to remember. Take the following example for instance.

Phrase: “Virginia University of Lynchburg 2018”

We could certainly break this phrase up into many different usable passwords or use the whole phrase if we so choose. For this example, let’s just take the first letter from each word and make a password from it (don’t forget the complexity requirements).

v U L 2 @ ! 8

Great! It meets all of our requirements. Here are some other examples of strong passwords formed from phrases:

Phrase: “The New Testament” Possible Passwords: N w t 5 7 m n t n w t 5 2 M n t n w T 5 t m n T

Phrase: Peas and Carrots Possible Passwords: P 3 4 s c r t s P e A 5 c r 7 s p e 4 s c R t 5

In each of these examples, the chosen passwords meet the University guidelines for minimum password criteria. Also, each password is not based on a single dictionary word.

Now pick a phrase for yourself. Maybe a Bible verse, famous quote, or anything you like. Remember, don’t use words or phrases that others may think you will use. Don’t make it easy for someone to guess your password!

Passwords are personal information that should never be shared with any other person, including, but not limited to, instructors, assistants, technology service staff, or supervisors. Users should not transmit passwords via email, as this is an insecure medium. Moreover, users are recommended against writing down passwords and/or storing them in an insecure place. Users sometimes record passwords in personal data assistants (PDAs) or other electronic means. While this is not entirely secure, users are encouraged to strengthen security by utilizing encryption capability. Users are discouraged from storing passwords in plain-text (non-encrypted) on any electronic media. Finally, Virginia University of Lynchburg recommends that passwords not be shared with external accounts such as AOL, Yahoo!, MSN, or other free or paid services.

If you have many different accounts with separate passwords (a good idea by the way), then you probably struggle to remember which password goes with what account. Either that or you just make your password very simple so that you don’t forget. There are many programs available (some for free) that help manage passwords. Password Safe is one of these programs. It will allow you to store all of your passwords in one database. It encrypts the database using a key based on one single password you choose. From here on out, all you need to remember is the one password to let you in, then find whatever password you need to get into your other accounts. If you don’t like this one, look around. There are plenty of other password programs out there. The point is that you are being diligent in protecting information, but won’t have to remember so many passwords.

Users should contact the VUL IT Help Desk at 434.528.5276 or helpdesk@vul.edu if a password has been forgotten. The IT Help Desk has the ability to reset passwords to temporary values. Once a password has been reset, the user should change the password as soon as they are able to gain access to the system.

Virginia University of Lynchburg recommends that users change their password approximately every 180 days. If at any time a user suspects that his/her password has been compromised, the user should immediately change all passwords to protect individual and university confidentiality.

Our password change process will check each new password to make sure that it meets our new requirements. If it doesn’t, you’ll have to try again. To help reduce the chances of getting rejected, make sure that you’ve satisfied the following checklist.

-Understand why passwords and secrecy are important
-Understand which kinds of characters your password MUST include
-Understand which kinds of characters your password must NOT include
-Have chosen a good phrase to base your password on
-Make sure your password meets the complexity requirements

If you didn’t create or think of something first, you should be sure to seek licensure or properly credit the bearer of the Intellectual Property rights. We are all somewhat familiar with plagiarism, copyright infringement, trademark violations, patent infringement, and yes, even digital copyright infringement. Though this list is not comprehensive, you get the point. If you have questions about the origin or ownership of something you plan to use, make sure that it’s not already another’s protected work. Even ideas are protected so take care that you don’t use something without properly licensing use, crediting the true source, or violating another’s legal protections.

The Virginia University of Lynchburg community of teachers and scholars affirms that the biblical principles of truth and honesty are absolutely essential. Indeed, the Bible contains numerous admonitions against false witness, dishonesty and cheating. Upholding the standard of academic integrity with its reliance on honesty is a responsibility of both faculty and students. Conduct that violates academic integrity includes, but is not limited to:

1. Dishonesty. This is lack of integrity exhibited through lying, cheating, defrauding or deceiving. Examples of dishonesty include: copying from the examination paper of another, allowing one’s own examination paper to be copied, reading without the instructor’s consent a copy of the examination prior to the date it is given, giving or receiving unpermitted aid on a take-home examination, class assignment, project and other papers; use of unauthorized aids; submitting the same work product in more than one course without the express permission of the instructor(s); or disclosing or accepting information if one takes a test at a different time than other students in the same course.

2. Plagiarism. This is stealing or using the ideas, writings or images of another as one’s own. It involves failure to acknowledge material copied from others or failure to acknowledge one’s indebtedness to another for the gist of important thoughts in a formal statement, written or oral. Charges of violating academic integrity shall be handled according to established student discipline procedures published in the Catalog and the Student Handbook.

According to Merriam-Webster Online Dictionary, to ‘plagiarize’ means:

to steal and pass off (the ideas or words of another) as one’s own
to use (another’s production) without crediting the source
to commit literary theft
to present as new and original an idea or product derived from an existing source

There are many different file sharing applications available for use over the Internet. When you choose to use one of these, be sure that it shares your music, video and other files legally. In most cases, you should be required to pay a fee to ‘swap’ files. An obvious sign that you are violating copyright is if you are not paying to download new files or share files you have already acquired. Examples may include KaZaA, Gnotella, Limewire, and Morpheus.

You should also understand that having these kind of applications on your personal pc may allow other users to connect directly to your pc. This is an extreme security risk. Further, if you install these kind of applications on your University owned workstation or laptop you are violating VUL policy. By allowing others to connect to a VUL workstation or laptop, you expose the University network to unnecessary security risks. As such, violation of this or other University policies may lead.