Skip to Content


SWIFT

Statewide Systems Password Information


Passwords are an important tool to help us protect the Statewide Systems from attack. Much of the data in the systems is private and confidential data. In all cases it is important to keep this private and confidential data from everyone who doesn't have a business need to see it. Passwords are one important tool we have to help us meet our responsibilities in this area. Click the links below to get general information about password security and specific information about passwords for each state system listed.

  • General Password Security and Guidelines

    Password Terminology

    Types of Characters: There are four different types of characters used in making passwords. Using many different combinations of these character types greatly increases the resources needed to "crack" a password.

    • Upper case letters (A, B, C, etc.), 
    • Lower case letters (a, b, c, etc.), 
    • Arabic numbers (1, 2, 3, etc.), and 
    • Special Characters = ~ # $ % ^ & * ( ) _ + ` : ; " , ?
    Passwords are often the weakest link in a computer security scheme. Strong passwords are important because password cracking tools continue to improve and the computers used to crack passwords are more powerful. Passwords that once took weeks to break can now be broken in hours.

    Password cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can crack any password. However, it still can take months to crack a strong password. That is why we require the use of strong passwords that include at least three of the four character types.

    An Easily Broken Password is one that can be easily tied back to the account owner such as:

    • user name
    • social security number
    • nickname
    • relative's names
    • birth date
    Names of places (cities or countries), all numbers, all the same letter or number, keyboard patterns (qwerty, jkl;, etc.) are insecure and easily broken.

    A Strong Password is one that:

    • is at least eight characters in length
    • is not a name or dictionary word, and
    • contains at least three of the four types of characters identified above.

    Creating a Strong Password

    Combine short, unrelated words with numbers or special characters. For example: eAt42peN

    Substitute numbers or special characters for letters. (But do not just substitute) For example: "livefish" - is a bad password. "L1veF1sh" is better and satisfies the rules, but setting a pattern of 1st letter capitalized, and i's substituted by 1's can be guessed. "l!v3f1Sh" - is far better, the capitalization and substitution of characters is not predictable.

    Remembering Strong Passwords

    Make the password difficult to guess but easy to remember. Use something to help you remember it such as the title to a favorite song (We all live in a Yellow Submarine = WaliaYS!)

    You may have passwords on many different systems such as your agency's network, IA Data Warehouse, Budget Planning and Analysis System (BPAS), SWIFT, SEMA4, and Employee Self Service. Many users will choose to synchronize their password across the various systems. Even though the different systems have different requirements as listed below, it is possible to find a common denominator across all systems so that a strong password can be synchronized. For example, even if your agency's network allows users to keep their passwords for 90 days, the network probably allows more frequent changes so that users can change their passwords to conform with a thirty day requirement. Similarly, users can use a combination of Uppercase letters, Numbers and Lowercase letters to satisfy the more stringent character type requirements of other systems. Some system passwords are not case sensitive, but will allow both uppercase and lowercase letters.

    Who can I tell my password to?

    • Don't tell your password to anyone! 
    • Be wary of anyone who requests your password for any reason. 
    • If you suspect that someone knows your password, change it immediately. 
    • Don't write down your password. There are several very good, open source (free) tools that allow you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords available on the web. Of course this all depends on your department policies for downloading outside software. 
  • SWIFT Password Information

    Change your SWIFT password regularly. (more details pending)
  • SWIFT Data Warehouse/Crystal Reports Password Information

    Users must obtain a separate password to access the reports.
    Important note: This password is used only for accessing the SWIFT Data Warehouse via ODBC connections (i.e. for Crystal Reports) and does not impact a user’s security clearance for OBIEE, which is accessed via the SWIFT Administrative Portal using the user’s single sign-on password. 

    Follow these steps to obtain or change the password: 
    1. Log into the SWIFT Administrative Portal - http://portal.swift.state.mn.us 
    2. Click SWIFT Data Warehouse Access from the Enterprise Menu. 
    3. Click Manage Warehouse Password. This opens the page that allows you to establish (or change) the password that you’ll need to access the SWIFT Data Warehouse Crystal reports. 
    4. Create a password of your choosing and enter it in the New Password and Confirm Password fields. 
    5. Click Save. 
    6. Log out. 
    This password will expire every 60 days, and the user must change it following the same steps outlined above. Users may change their password at any time.