XI.B Passwords
10/1/2016
For information on passwords and password security, please review the Information Security and Privacy Office (ISPO) intranet page specific to passwords.
Each worker’s password identifies the work and actions completed by that employee. Passwords keep consumer information secure and prevents unauthorized access.
Staff are responsible for information entered and payments issued using their system access ID and password.
It is the responsibility of all authorized users to protect confidential consumer data in all forms including electronic, written documents, reports, and verbal. This protection includes maintaining password secrecy, not sharing terminal access with others, and taking a pro-active approach in the protection of consumer data and confidentiality.
For staff personal and for consumer protection:
· Do not write passwords down or leave them where they can be found. This includes entering passwords into RACF or Oregon ACCESS (OA) while others can watch keystrokes. Each employee is responsible for all actions taken under their own password.
· Do not lend passwords to someone who has forgotten their own or who needs temporary access to data. Each person must access data through their own password, even if it is issued and revoked the same day.
· Do not share passwords. This includes situations where staff may job share, temporarily help someone, or where there are only two people in a remote office. Each person must obtain and use their own login and private password.
· Do not auto store. An automatic sign on processes that eliminates the need to enter your password also eliminates the security provided by a password requirement. Quick-keys, macros, or other methods to store passwords are considered a violation of security.
Note: Do not leave your terminal/PC unattended when it is logged into Oregon ACCESS, the DHS Mainframe, or TRACS. Log off when you leave for breaks, lunch, meetings, or any other reason.
2. Changing passwords in DHS data systems
DHS systems require a new password every sixty days. Additionally passwords must be changed whenever password secrecy may have been compromised. After five attempts to use an invalid password on the mainframe, or if it is forgotten, staff must request reinstatement through the local sub-administrator or the DHS Service Desk, if the sub-administrator is unavailable.
A. Oregon ACCESS (OA)
1. Sign onto OA with the current password;
2. Click Select;
3. Click Housekeeping;
4. Click Maintain Password;
5. Enter the current password;
6. Enter the new password;
7. Enter the new password a second time;
8. Click OK;
9. To sign off, click on the X at the top right hand side of the screen or use Alt + F4.
Note: The Oregon ACCESS and DHS Mainframe passwords must match.
B. DHS Mainframe (Hummingbird)
At the sign on screen:1. Enter the USERID;
2. Press tab;
3. Enter the current password;
4. Press tab until the cursor is in the New Password field;
5. Enter the new password;
6. Press <Enter>.
Note: The Oregon ACCESS and DHS Mainframe passwords must match.
C. TRACS
At the sign on screen:
1. Enter in the current password;
2. Click on the Change Password button;
3. Enter the new password in the New Password field;
4. Re-enter the new password in the Verify New Password fields;
5. Click OK.