Employee Self Service

Minnesota Management & Budget - Employee Self Service Password Requirements

In an ongoing effort to ensure and increase security for Employee Self Service, MMB has strengthend the password requirements for Employee Self Service effective Monday, July 13, 2009.

The use of “strong passwords” – ones that are not easily discovered or guessed – has always been encouraged. The system will now enforce the use of a strong password.

• New Password Requirements
• Password Expiration
• Difficulty Signing In
• Forgot Password Hint

New Passowrd Requirements

Effective 7/13/2009, passwords:

• Must be a minimum of 8 characters – but it can be more
• Must include at least one number
• Must include at least one of the following special characters @ # $ % ^ & * ~ ! ?
• Continue to be case sensitive
• Cannot be reused for at least 6 password cycles. The system keeps track of your previous six passwords and prevents you from reusing them.
• Expire after 30 days

Additionally, we recommend the following characteristics for strong passwords:

• It should not be your name, spouse's name, child's name, pet's name, parent's name, etc.
• It should not be a real dictionary word
• It should be significantly different from previously used passwords (not just incrementing a counter, for example)
• It should contain characters from each of these 4 groups:
  • Upper case letters (A, B, C, ...)
  • Lower case letters (a, b, c, ...)
  • Numbers (1, 2, 3, ...)
  • Special characters @ # $ % ^ & * ~ ! ?

Password Expiration

At implementation, passwords will be changed to expire after 30 days, rather than 90 days.
This means that on July 13, 2009:

• passwords that are less than 30 days old will still be valid, but will expire at 30 days
• passwords that are 30 through 90 days old will be expired
• passwords that are more than 90 days old will have already expired

Users with expired passwords will be prompted to change their password, and are provided with a link to the page where the change can be made. An expired password can be changed as long as the user remembers the expired password.
Users can click on the Employee Self Service home page to display the General Profile Information page.
From this page users can:

• Click Change password to change their password AT ANY TIME.
• Click Change or set up forgotten password hint password to review or modify their validation question information.

Currently, users receive a warning message beginning 15 days prior to the expiration of their password that reminds them, “Your password will expire in X days. Do you want to change your password now?” Beginning July 13, 2009 this warning message will display beginning just 3 days before a password expires.

Difficulty Signing In

Self Service users that experience difficulty with their passwords can obtain a new password by clicking the “If you’ve forgotten your password, click here” link on the Employee Self Service sign-in page.

When the user correctly answers the validation question, a system assigned temporary password will allow the user access. System generated passwords should always be changed as soon as access has been established.

Forgot Password Hint

Self Service users who forget both their password and their password hint (the answer to the validation question) will need to contact selfservice.mmb@state.mn.us to have their security reset.(This email box is not monitored on weekends, holidays or evenings.)

We appreciate everyone’s efforts in implementing these changes.  If you have any other questions, please contact JoAnn Scholtz at joann.scholtz@mnsu.edu
or (507)389-2464.