Business Enterprise Network
	BEN Financials Home
	Frequently Asked Questions
	Advisories
	Closing Schedules
	Logging On
	Desktop/Printer Standards
	Documentation
	Training
	Security Access
	Enhancement Requests
	Financial Systems
	Document/Forms
	Contact Information
	Feedback

University of Pennsylvania
Suite 318 Franklin Building
3451 Walnut Street
Philadelphia, PA 19104
215.746.4357 (Phone)
215.898.0817 (Fax)

[ BEN Financials ]

Section 3. Passwords
Security & Access

** Effective November 26, 2012 the BEN Financials password minimum requirements will change. **

• Passwords must be a minimum of 8 characters
• Must include at least one uppercase letter, one lowercase letter, and one number
• Passwords must not contain repeating characters

Overview

The Logon ID identifies the user to BEN Financials. Any use of the BEN Financials applications is the responsibility of the user, identified by logon ID. As part of the logon ID, it is important that BEN Financials users choose passwords carefully and guard against anyone else using them.

A temporary password is assigned when the logon ID is assigned. The user is required to change the password when logging into the application for the first time. Passwords should be changed at regular intervals and at any time they may have been compromised.

Security Passwords - What's the Big Deal?

The password is what prevents other people from misusing University administrative systems in the user's name. If a password is compromised - if it is shared with someone, written down or scripted in any automatic logon - then other people can misuse University systems and it will appear as if the user did it.

Passwords are stored in an encrypted format in password files. The average user would not be able to look at the file and determine an individual's password. However, some individuals have been able to steal files and "crack" or decipher the encrypted codes to illegally learn passwords. One "cracking" method is to obtain the encrypting program, encrypt every word in the dictionary and then compare that list to the list of encrypted passwords. If an individual's password is in the dictionary, the "password cracker" then knows what it is. This is why it is important to choose strong passwords. Strong passwords are those that don't appear in crackers' dictionaries - include special characters (e.g. *,!,+,?), numerals and a mixture of upper and lower case letters.

Protecting Passwords

• Don't script the password (put it into programs that can be read by others)
• Don't write the password down
• Don't give the password to anyone - a boss, a friend, a systems administrator, anyone!
• Change the password regularly
• Pay attention to the date last logged in to be sure no one else is logging in
• Don't send passwords through e-mail

Choosing Passwords

• Choose a strong password - not one that could easily be guessed
• Be creative
• Do not use:
  • Birthdays
  • Family names
  • Words that could easily be identified with the user
  • English words or phrases
  • Proper nouns
• Do use:
  • Numerals and special characters such as * & ^ +
  • Symbols which look like or sound like letters or words, e.g., instead of 'timetogo' use 'Tyme2Go'
  • A mixture of upper and lower case

Application passwords must be comprised of:

• Passwords must be a minimum of 8 characters
• Must include at least one uppercase letter, one lowercase letter, and one number
• Passwords must not contain repeating characters

Note: The application password is case sensitive