Security FAQ - Mainframe

Mainframe - Do you have any suggestions for mainframe passwords?

In conjunction with using the following password creation tips, it is important to remember that all passwords should contain one of the following special characters: "#", "$", or "@". These are the only 3 that RACF will allow.

The password must contain a number or one of the following special characters: @, #, or $.

1)Create a phonetic sentence using the pronounced sounds of the letters, numbers, or special characters.
Examples: ITD24GET ("I tend to forget), RULOSTD? ("Are you lost today?"), 187#2DAY ("I ate seven pounds today")

2)Concatenate short, unrelated words with numbers or other characters in between. GO$CATSA, BEES&PAW, %BLACK13 CAT#2HAT

3)Use the first letter of each word in a poem or song until you have enough letters (e.g., at least six). JAJ$WUTH ("Jack and Jill went up the hill")

4)Mirror a word (in either direction); repeat process or truncate letters as needed to get appropriate length. omymyomy, boy2yob2

5)Take someone else's full name that you can easily remember. Divide it into segments or blocks of the length you need for your password. You may rotate back through the name again if you need additional letters or truncate any extra letters. Drop the first block. Use any other block that is not an exact match for a proper name or word. Then you can add a number at the end. "John Quincy Adams" JOHNQUIN (Drop) CYADAMS3 (Keep)

6)Take a word from the dictionary that is long enough to qualify as a password. Replace some or all of the vowels with numbers or special characters (e.g., "#", "$", "@"). Mornings M$RN$NG, Psychotic PS#CH#TC

7)This one creates difficult passwords. Using the telephone keypad (but assigning "Q" and "T' to the number "I") as shown, choose a number you can easily remember and translate it into letters. If your number includes a zero, just keep the "0" as the character for your password. You will note that for each number (except zero) you will have at least two letter choices. 239-5678 = BEW#JMPT

8)Take a word from the dictionary (or a proper name you like) that is long enough to qualify as a password. Put all of the vowels together and all of the consonants together. Friends IE$FRNDS, Douglas OUA&DGLS

These techniques may help users to invent techniques of their own. Just using a technique of some sort improves one's ability to memorize a password. Passwords, of course, must not be written down or stored where someone might discover them. Moreover, as good as the examples used here are, users should not adopt them as their own. They will probably find their way into some password-cracking dictionary. This document is intended to provide information on the subject matter covered for educational purposes only. Crowe, Chizek and Company LLP is not rendering any legal or other professional advice, opinions, or services.

This document does not give rise to, and Crowe Chizek does not assume, any duties or liability whatsoever in connection with the information presented herein or any use thereof.

Mainframe - Entering my RACF password is confusing. How does it work?

The RACF id is a universal id, meaning that the password for that id is used everywhere the id is used, including Intranet access, TSO, KYNET, etc.

Throughout the abbreviations for oldpw is the user’s current password; newpw is the new password the user wants to change to.

RACF requires every user to change their password every 30 days. When the 30 days have passed, the system notifies the user their password has expired, and the user must change their password. Any RACF id that is not used in 60 days is automatically revoked by the system. When logging in, the system notifies the user that the id has been revoked and the user must notify the appropriate security personnel before being able to use that id again.

Users are given three tries to enter the correct password. If an incorrect password is entered all three times, the RACF id is automatically revoked by the system. The user must notify the appropriate security personnel before being able to use that id again.

For users with a new RACF id, the oldpw will be provided to them. The first time the user logs in, that password must be changed.

To change a password for a RACF id via the Intranet login screen, use one of the following procedures: Enter oldpw in the password line.
You will be asked to enter userid again, and password.
In the password line, enter: oldpw/newpw/newpw (The slashes must be entered as shown)
Click "Change"
A message box pops up stating that password has been changed. Click "RetryRequest".
A message box pops up stating authorization failed. Click "OK". Login screen pops up again. Enter userid and the new password.

Change password directly on password line:
In the password line, enter: oldpw/newpw/newpw (The slashes must be entered as shown). Click "OK". Password has now been changed.
If a message box pops up stating authorization failed. Click "OK".
Login screen pops up again. Enter userid and the new password.

To change a password for a RACF id via the TSO or KYNET login screens:
In the password line, enter: oldpw
In the new password line, enter: newpw
Press the enter key.
In the new password line, re-enter for verification: newpw
Press the enter key.
The password has now been changed to newpw.
User is now logged into TSO or KYNET.

The newpw entered must meet the following requirements:
Four to eight characters in length.
Note: Even though the system will accept a length of eight characters, it is recommended that no more than seven characters be used.
Alphanumeric format, meaning it must have at least one alphabetic character and one numeric character.
Cannot be the same password used as any of the last three passwords by this user.

Examples of formats:
AB7 invalid – must be at least 4 characters in length
ABCD invalid – must have numerics also
12345 invalid – must have alphabetics also
ABCDEFGH7 invalid – must be no more than eight characters in length
ABCD7 valid
7ABCD valid
ABC7D valid

Examples of not using the same password as any of the last three passwords:
VXR4 Your current password
AZBQ37 The password you used before changing it to VXR4
XYZ3 The password you used before changing it to AZBQ37
HIDY7HO The password you used before changing it to XYZ3
When creating your new password, you CANNOT use VXR4, AZBQ37, or XYZ3, but you CAN use HIDY7HO again, or anything other password that meets the password formatting requirements described above.

Mainframe - I don't see requested changes for SDSF permissions, what's wrong?

The changes to the SDSF Parms are completed immediately by Security Services after your request is received. However, the system tables that reflect that change have not been refreshed. If you need the tables refreshed immediately, just let us know.
Mainframe - Obtain a mainframe account?

Your Agency Security Contact (if you are in another state agency) will need to fill out a F181 form and send it to Mainframe Security Team. You can also fax it to 502.564-6856. This form is also needed to request additional permission after the initial account has been set up.
mailto:GOTMainframeSecurityTeam@ky.gov
Mainframe - What software can I use to attach to the mainframe?

Mainframe connectivity software for terminal emulation and file transfer (FTP)
Electronic Services Software