Employee Self ServicePage address: http://www.mnsu.edu/hr/selfservice.html
Minnesota Management & Budget - Employee Self Service Password Requirements
In an ongoing effort to ensure and increase security for Employee Self Service, MMB has strengthend the password requirements for Employee Self Service effective Monday, July 13, 2009.
The use of “strong passwords” – ones that are not easily discovered or guessed – has always been encouraged. The system will now enforce the use of a strong password.
Effective 7/13/2009, passwords:
- Must be a minimum of 8 characters – but it can be more
- Must include at least one number
- Must include at least one of the following special characters @ # $ % ^ & * ~ ! ?
- Continue to be case sensitive
- Cannot be reused for at least 6 password cycles. The system keeps track of your previous six passwords and prevents you from reusing them.
- Expire after 30 days
Additionally, we recommend the following characteristics for strong passwords:
- It should not be your name, spouse's name, child's name, pet's name, parent's name, etc.
- It should not be a real dictionary word
- It should be significantly different from previously used passwords (not just incrementing a counter, for example)
- It should contain characters from each of these 4 groups:
- Upper case letters (A, B, C, ...)
- Lower case letters (a, b, c, ...)
- Numbers (1, 2, 3, ...)
- Special characters @ # $ % ^ & * ~ ! ?
At implementation, passwords will be changed to expire after 30 days, rather than 90 days.
This means that on July 13, 2009:
- passwords that are less than 30 days old will still be valid, but will expire at 30 days
- passwords that are 30 through 90 days old will be expired
- passwords that are more than 90 days old will have already expired
Users with expired passwords will be prompted to change their password, and are provided with a link to the page where the change can be made. An expired password can be changed as long as the user remembers the expired password.
Users can click on the Employee Self Service home page to display the General Profile Information page.
From this page users can:
- Click Change password to change their password AT ANY TIME.
- Click Change or set up forgotten password hint password to review or modify their validation question information.
Currently, users receive a warning message beginning 15 days prior to the expiration of their password that reminds them, “Your password will expire in X days. Do you want to change your password now?” Beginning July 13, 2009 this warning message will display beginning just 3 days before a password expires.
Self Service users that experience difficulty with their passwords can obtain a new password by clicking the “If you’ve forgotten your password, click here” link on the Employee Self Service sign-in page.
When the user correctly answers the validation question, a system assigned temporary password will allow the user access. System generated passwords should always be changed as soon as access has been established.
Self Service users who forget both their password and their password hint (the answer to the validation question) will need to contact email@example.com to have their security reset.(This email box is not monitored on weekends, holidays or evenings.)
We appreciate everyone’s efforts in implementing these changes. If you have any other questions, please contact JoAnn Scholtz at firstname.lastname@example.org