Fire Commission Home ConceptKCTCS/KCTCSConcept

NFIRS Password Update

***NEW RULES FOR CHANGING NFIRS PASSWORDS***

In December 2012, NFIRS software Release 5 contained an enhancement to passwords on the NFIRS System. Passwords must now contain a special character, welcome1 is no longer valid but welcome1! is a valid password.

If you change a password and forget to include the special character when you click OK on the Change Password dialog box the message: Password Changed Successfullyamp;rdrdquo; will appear, however when you click Save on the User Maintenance screen the system will display the message: Attempt To Save User Changes Failed. To correct that, reopen the Change Password dialog box and reenter the desired password using special characters accepted by the system which include ~ ! $ % ^ * ( ) - _ + = [ ] ; : . / lt;

The CR updated NFIRS password rules to match DHS policy. DHS 4300A specifies that passwords shall:
Be at least 8 characters in length.
Contain a combination of alphabetic, numeric, and special characters.
Not be the same as the previous 8 passwords
There is not a specific DHS-required minimum lifetime, but one should be selected to prevent circumvention of reuse restrictions. Based on DHS configuration guidance for operating systems, 1 to 7 days is recommended.
Additional DHS password requirements that can be satisfied by user education if they cannot be enforced by the application:
Passwords shall not contain any dictionary word in any language.
Passwords shall not contain any proper noun or the name of any person, pet, child, or fictional character. Passwords shall not contain any employee serial number, Social Security number, birth date, phone number, or any information that could be readily guessed about the creator of the password.
Passwords shall not contain any simple pattern of letters or numbers, such as qwerty, or xyz123.
Passwords shall not be any word, noun, or name spelled backwards or appended with a single digit or with a two-digit year string, such as 98xyz123.
Pass phrases, if used in addition to or instead of passwords, should follow the same guidelines.