Password Terminology:

Types of Characters: There are four different types of characters used in making passwords. Use of as many different combinations of these character types greatly increases the resources needed to "crack" a password.

• Upper case letters (A, B, C, etc.),
• Lower case letters (a, b, c, etc.),
• Arabic numbers (1, 2, 3, etc.), and
• Special Characters = ~ # $ % ^ & * ( ) _ + ` : ; " < > , ?
  

NOTE: IA and MAPS passwords are NOT case sensitive. MAPS and IA passwords are NOT the same and have different rules.

Passwords are often the weakest link in a computer security scheme. Strong passwords are important because password cracking tools continue to improve and the computers used to crack passwords are more powerful. Passwords that once took weeks to break can now be broken in hours.

Password cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can crack any password. However, it still can take months to crack a strong password. That is why we require the use of strong passwords that include at least three of the four character types.

An Easily Broken Password is one that:

Can be easily tied back to the account owner such as:

• user name
• social security number
• nickname
• relative's names
• birth date

Also, names of places (cities or countries), all numbers, all the same letter or number, keyboard patterns (qwerty, jkl;, etc.) are insecure and easily broken.

A Strong Password is one that:

• is at least eight characters in length,
• is not a name or dictionary word, and
• contains at least three of the four types of characters identified above.

Creating a Strong Password

Combine short, unrelated words with numbers or special characters. For example: eAt42peN

Substitute numbers or special characters for letters. (But do not just substitute) For example: "livefish" - is a bad password. "L1veF1sh" is better and satisfies the rules, but setting a pattern of 1st letter capitalized, and i's substituted by 1's can be guessed. "l!v3f1Sh" - is far better, the capitalization and substitution of characters is not predictable.

Remembering Strong Passwords

Make the password difficult to guess but easy to remember. Use something to help you remember it such as the title to a favorite song (We all live in a Yellow Submarine = WaliaYS!)

You may have passwords on many different systems such as your agency's network, IA Data Warehouse, Budget Information Systems (BIS), MAPS, SEMA4, and Employee Self Service. Many users will choose to synchronize their password across the various systems. Even though the different systems have different requirements as listed below, it is possible to find a common denominator across all systems so that a strong password can be synchronized. For example, even if your agency's network allows users to keep their passwords for 90 days, the network probably allows more frequent changes so that users of both the network and MAPS or SEMA4 can change their passwords to conform with the thirty day requirement for MAPS and SEMA4. Similarly, MAPS or SEMA4 users can use a combination of Uppercase letters, Numbers and Lowercase letters to satisfy the more stringent character type requirements of other systems. MAPS and SEMA4 passwords are not case sensitive, but they do accept both uppercase and lowercase letters..

Who can I tell my password to?

• Don't tell your password to anyone!
• Be wary of anyone who requests your password for any reason.
• If you suspect that someone knows your password, change it immediately.
• Don't write down your password. There are several very good, open source (free) tools that allow you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords available on the web. Of course this all depends on your dept. policies for downloading outside software.

To Change Your IA Warehouse Password & Other Tidbits

The Information Access (IA) Data Warehouse contains Statewide Employee Management Application data (SEMA4) and Minnesota Accounting and Procurement system data (MAPS), used in reporting. Most people use Crystal Reports or Crystal Runtime to access the warehouse and run reports, but some people use other tools such as Microsoft Access.

The requirements for the password you use to sign into the IA Data Warehouse are being strengthened. This will help keep the warehouse information more secure.

Part of this policy change requires you to change your password every 90 days to meet the new requirements. Seven days before the password expires, you will start receiving email messages stating, "Your Information Access Data Warehouse password will expire on [DATE]". At this time you will need to change your password. You will continue to receive an email each day until your password has been changed or expires.

Change your IA Data Warehouse password

To do this you must have the IA Password Change program installed on your computer. Changing the password can be done by clicking on Start on your Windows Desktop, then click either "All Programs" (Windows XP) or "Programs" (Windows 2000), then "Information Access", "IA Password Change". Type your current password, type a new password (at least eight characters), type it again in the Confirm Password field, and click OK.

If you do not have the IA Password Change program on your computer, (Start> Programs or All Programs> Information Access> IA Password Change) please call the IA helpdesk at 651-201-8100 - option #4 for assistance. This will require a login ID, password and assistance from your IT staff to .FTP the file and install it in the proper location.

You play a crucial role in preventing others from signing in to your IA Data Warehouse account. Never reveal your password to another person. Ensure you have changed your initial password, create "strong" passwords, and change them on a frequent basis. Strong passwords are ones that are not easily discovered or guessed.

Creating a new password and the characteristics of a strong password.

• Must have at least eight characters (passwords are not case sensitive)
• Must contain at least one alpha, one numeric, and one special character
• Allowable special characters are ~ # $ % ^ & * ( ) _ - + ` : ; " < > . , ! ? =
• Cannot contain special characters @ [ ] { } \ '
• Note: Special characters that are common to both IA and the Mainframe * $ : % . ? # _ - ! &
• Cannot contain blanks (spaces)
• Cannot be the same as your user name
• Cannot be a word in a list of common specific words (e.g., 'welcome', 'oracle', 'computer', 'abcd')

When changing your password please remember that, the system keeps track of your previous four passwords and prevents you from re-using them within 90 days.

After 10 attempts to sign in with the wrong password your account will be locked. If your account has been locked, before you attempt to login, you will need to contact the Information Access Helpdesk at the phone number or email address listed below to first unlock your account.

Tips:

• System generated emails will be sent when it's time to change your password
• If you prefer, you can change your password now rather than waiting to be prompted
• When you change your password the new password must follow the requirements listed above

If you have questions about the password requirements for the IA Data Warehouse, please contact the IA Helpdesk, 651-201-8100, Option 4, or by email at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

Budget Information Systems (BIS)

BIS user accounts are initially set up with the users login ID as the password. Use of the login ID as the password works for only the initial login and users must choose a new password. The password must be at least 5 characters and can include letters and numbers. Both upper and lower case letters can be used because the password is not case sensitive. BIS passwords do not expire. Call the Help Line (651-201-8100 option #6) for assistance if you forget your password. Previous passwords can be reused.

To change your BIS password from the BIS application select "Utilities--Password" from the menu bar. In the Password Maintenance dialog box, enter your old password, new password, retype your new password and click OK.

Mainframe (ACF2 (MAPS, SEMA4, TSO, FTP, InfoPac, Document Direct, etc))

Mainframe Password Requirements

• Passwords must be exactly eight (8) characters long (mainframe passwords are not case sensitive).
• Passwords must contain at least 1 alpha character
• Passwords must contain at least 1 numeric character
• Passwords must contain at least 1 of the following special characters: * $ : = - ! . % ? @ # _ & (If a MAPS user do not use the = sign)
• The special character can be the first or last character of the password, except if a MAPS user do not use a special character as the first character.
• Passwords cannot contain three of the same character in a row e.g. r@bbbit3 would not work but r@bbit33 would work.
• Passwords must be retained for a minimum of 5 days
• Passwords must be changed every 30 days
• Passwords cannot be reused for at least 6 password cycles.

Changing your MAPS password

1. 1. After opening the MAPS GUI, click on the "File" tab, then "Connections".
   2. Selecting either "Production Accounting" or "Production Procurement" will bring up the "Mainframe Server Sign-on" window.
   3. In the "Mainframe Server Sign-on" window you will be prompted to enter your User ID and Password.
   4. If a password change is desired, follow the next set of instructions by entering a new password, and then re-entering the new password for verification. Then click "OK".
   5. Your password must begin with a letter.

If you have any questions, contact Steve Olson at 651-201-8172 or at This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Changing your SEMA4 password

SEMA4 users who have been using Hummingbird Host Explorer to change their password need to change to using a method that supports encryption. Host Explorer does not support encryption.

OET has experience with and supports a 3270 emulator that supports encryption, called Bluezone. BlueZone exists in both a client version, like Host Explorer, and a web version, where all that is required is an Internet browser. For those SEMA4 users that have been using Host Explorer ONLY for changing their password we recommend that they use the web based version of BlueZone. It is much more convenient than installing the BlueZone client. A link to web-based BlueZone is at the bottom of this page.

For those SEMA4 users that are also MAPS users, the version of BlueZone that is used does not matter, since they will already have the BlueZone client installed for using MAPS.

URL for Web based BlueZone:

http://www.mnzone.state.mn.us/bzmn/frame_itg.htm

Changing your DocumentDirect password

The password requirements for DocumentDirect for Windows are the same as the mainframe password requirements listed above. Your DocumentDirect Recipient ID and password are the same as your Mainframe Logon ID and password. For example, if you are a MAPS user, you would use the same Logon ID and password for MAPS as you would when signing on to DocumentDirect. Note: Changing your password is not an option for DocumentDirect for the Internet, the web-based version of DocumentDirect. It must be changed through a different application, i.e. MAPS, Bluezone or DocumentDirect for Windows.

6 easy steps to change your password in DocumentDirect for Windows:

1. After opening DocumentDirect, click on the "Options" tab.
2. Click on "Password Maintenance".
3. Make sure that "Document Server ID" says "TCPIP"
4. Enter your Recipient ID, which is the same as your Mainframe Logon ID, and then enter your current password.
5. In order to change your password you must enter a new password in the "New Password" field, and then re-enter your new password in the "Confirm New Password" field. Then click "OK".
6. Try logging in to confirm that your password was successfully changed.

If you have any questions, e-mail This e-mail address is being protected from spambots. You need JavaScript enabled to view it or call Levi Arel at 651-201-8166.