Why a stronger password?
Your password - your secret word or phrase - allows you access to DHS information. Like the key to your home's front door, your password keeps out unwanted intruders. Here are a few good reasons why you should have a stronger password.
- Identity theft. Identity theft is rampant today. Nearly 10 million people in the United States were victims of identity theft in the last 12 months according to a recently released report from the Federal Trade Commission (FTC)
- Protects client information. We handle confidential client records everyday. It is our responsibility to ensure that this information doesn't fall into the wrong hands possibly resulting in personal or legal damages.
- Protects personal information. If someone learns your password, that person becomes you. They can garner confidential information about you, your family or information in your personnel files.
- System clog. A weak password can allow hackers to enter the system and clog it with computer worms and viruses. This can halt the flow of work, delete vital information and even shut down the system all together
- Unauthorized internal access. Often unauthorized access comes from inside a workplace. Nearly 80 percent of all information security breaches and resulting losses originate from inside an organization according to recent FBI data.
- Easily cracked. Weak passwords are easy to crack. A six-character password with both numeric and alpha characters has 2,176,782,336 possible combinations. An eight-character password has 1296 times more possibilities 2,821,109,907,456. This means that if a cracker can get to a password file and break a 6-position password in 1 hour, it would take 1,296 hours to break an 8-position password. Of course if the password contains a dictionary word the password search for the cracker only takes a few minutes.
- Current standards too low. Federal and state rules require stronger security. Compared to government requirements, the current DHS password standards are too low. Also, recent audit findings require us to develop more secure information systems. Successful implementation of the password policy will bring us closer to industry standards.
Creating a Strong Password
Having a strong password is the first step to ensuring that confidential client and personnel information stored in DHS information systems is safe and protected. A strong password (as defined by DHS policy) should:
- Be 8 characters long
- Be a combination of numeric and alpha characters
- Not contain dictionary words
- Not contain your easily identifiable personal information
- Be meaningful to you
- Be kept secret
- Be changed every 60 days
Passwords using names or initials
- Pick a family member or friend's initials and birth year (but not your own)
- Sarah Jessica Frazier Parker sjfp
- Now include the year they were born 1962
- New stronger password s1j9f6p2 or 19sjfp62
Pick an address of someone you know (but not your own)
2711 Main Street, Anytown, Oregon msao Add the house number 2711 New stronger password 27llmsao or ms27ao11
- Passwords using songs
- Pick a line from your favorite song.
- Oh say can you see! oscys
- Add the number of your troop or unit 932
- New stronger password oscys932 or 9osc3y2s
Pick a favorite phrase, one that means something to you.
- I love my 57 chevy pickup truck
- New stronger password ilm57cpt or ilmcpt57
When your password expires, you can continue to use your favorite phrase or name and just add in different significant numbers that relate to the phrase or name. If at first you use a friend's birthday, next time try an anniversary, or just modify the numeric order. If you need further help creating a strong password, contact your manager, Local Tech Specialist, RACF Sub-Administrator or Business Integrity Expert.
How to change your password
To change your RACF Mainframe (Hummingbird) password. This is for time-capture, CMS, FSMIS, IIS, etc.
At the CICS sign on screen:
- key in your USERID
- press tab, key in your password
- press tab until your cursor is in the New Password field
- key in your new password
- press the enter key
- Some client/server applications like TRACS, FACIS, etc., require the password to be identical to your mainframe password. You will need to go into these systems individually and change your password there as well.
- If you are a TRACS or remote laptop user for Oregon Access, your password must lead with an alpha character.
- If you use your number keypad (located to the right side of your keyboard) when creating and/or entering your password, it must be "on" for the system to register the numeric characters.
If you need further help, contact your Local Area Expert, Local Tech Specialist, RACF Sub-Administrator or Business Integrity Expert.