This article provides guidelines and best practices for managing Banner passwords, including password usage, expiration policies, and account locking procedures. It is intended to help faculty and staff understand how to maintain the security of their Banner accounts and what steps to take if they encounter password-related issues.
Who is Eligible?
Active Faculty or Staff
Overview
Your Banner user ID and password are used to verify your identity, therefore acting as a key to system security. The following guidelines should be followed when utilizing your user ID and password:
	- Make certain that no one can impersonate you (i.e., provide photo id when necessary, do not share birth dates, do not share your Social Security Number, etc.).
- Do not disclose your password to anyone, or allow anyone to observe your password as you enter it during the sign-on process.
- When selecting a password avoid passwords with any personal associations, or ones that are simple and short.
- If you believe that your Banner account has been compromised, please change your password immediately and contact the Helpdesk for assistance in determining if any information may have been inappropriately accessed or utilized.
Password Guidelines
Banner Password Guidelines
Access to the Banner database requires a password. Your password must be at least 8 characters in length and should meet the following guidelines:
	- Characters should include:
	
		- Letters (a, b, c, A, B, C, etc.); however, note that case is ignored in Banner passwords.
- Numbers (1, 2, 3, etc.).
- and MAY include the underscore special character (‘_’); however, no other special characters are allowed.
 
- Passwords must use at least 2 letters and 2 numbers.
- Numbers and the underscore must not be the first or last character in the password.
- Banner Passwords can NOT contain any consecutive repeating characters, for example: (mm, 44, etc)
- Passwords can NOT be reused in a 12 month window
To further ensure the security of Banner passwords you will be required to change your password every 90 days. Starting at the time of the first login after the 76th day (2 weeks before the 90 days have passed), you will be given a two (2) week grace period during which you may log in without changing your password. If your password is not changed within this time your password will expire, and you will be forced to change it.
After you have logged on, the Banner system will attribute all activity to your user id. Therefore, never leave your workstation without either locking your machine or logging out of the Banner system - even for a few minutes.
Shared NetID Account Passwords
In some special cases, Shared Accounts are required. These special circumstances require the advance approval of the Security administrator in University Technology Services. Every effort will be made to define a process that requires each individual to log in under a private individual log on. If a process cannot be defined, a group account will be created. Individuals sharing the group account should only do work assigned to the group while logged in under the group account. Group account access will be limited to just the work that the group account requires, and not the maximum access allowed to each individual in the group. Individuals in the group will also have individual accounts, and those accounts should be used whenever possible. To maintain a secure environment it is imperative that when a member of a Shared NetID Account leaves Oakland University that the following steps be taken:
	- Change the password of the shared account immediately after the employee/faculty member has left the university.
- Notify the Oakland University Technology Center of this change by calling (248) 370-4357
- When creating the new password please follow the same guidelines outlined in the above section
Banner password expiration and account locking
The purpose of this document is to inform users about what to expect when their Banner (or Oracle) passwords have expired, or are about to expire. As a security precaution, Banner passwords must be changed every 90 days. Passwords are maintained on the Banner form GUAPSWD.
Some applications (such as MS-Access) may not display the explicit Oracle error messages described in this document. If you are having trouble logging in to a Banner-related application and you are not sure why, try logging into Internet Native Banner to see if the problem is related to an expired password or locked account.
Banner 9 requires additional password reset steps.
The Banner 9 login authentication process requires your NetID and Password to login.
Once you have successfully logged in, Banner 9 also relies on your Banner ID & password for security permissions and role-based access. That password is set to periodically expire. If you receive an error message similar to: “Your Session has expired” after you have logged in, the Banner password has expired and needs to be reset. You may be able to successfully authenticate with your NetID, but you are not able to access any administrative pages.
To reset your Banner password, you may be able to change it within Banner Admin pages by going to GUAPSWD and executing a password reset.
If you cannot get to the GUAPSWD screen, you will need to go to
https://www.oakland.edu/uts/faculty-and-staff-services/ban-reset and reset/unlock your Banner password.
You will only use this password to enable access to administrative pages and to log in for ODBC access.
Password is about to expire
When your account is created, your password is set to expire 90 days from that time. The first time you try to access Banner after 76 days have elapsed (2 weeks before the 90 days), a 14 day grace period will begin. It does not matter how much time passes between the end of the 76 days and this first login attempt. So, if you are on vacation or sabbatical, and your password expires during that time, the 14 day grace period will begin the first time you login upon returning.
During this grace period, when you access the Banner database, depending on which application you are using, you may see the following message: "ORA-28002: the password will expire within N days". If you receive this message, and click OK, your login will complete successfully. During this time, you can use the GUAPSWD form in Banner to change your password.
Password Has Expired
Your password may expire for one of two reasons:
	- A security administrator manually expired your password, or
- You were notified that your password would expire, but you did not change your password during the 14 day grace period (described above).
When your password expires, you will be forced to change it. When you try to access the Banner database (whether you are using Banner, or another application, such as MS-Access, SQL*Plus, etc.), you will see a dialog that will guide you in changing your password. (Banner users will first receive the following message: "ORA-28001: the password has expired", and will need to click OK to see the dialog). If you cancel out of the change password dialog, you will not be able to log in. However, you will still have the opportunity to change the password the next time you try to login to Banner.
Account is locked
Your Banner account may become locked for any of the following reasons:
	- Your account will be locked automatically after 3 failed login attempts. In this case, the account will remain locked for 10 minutes, after which it will be unlocked automatically.
- Your account will also be locked if it is not used for 90 days. Accounts locked for this reason will remain locked. OU Employees may use this online utility to unlock the account.
- A security administrator may also manually lock accounts in extreme circumstances to prevent potential security breaches. Accounts locked for this reason will remain locked until manually unlocked by the security administrator.
If your account is locked, then when you access the Banner database, you will receive the message "ORA-28000: the account is locked", and you will not be able to log in. If your account is locked for any reason other than reason 1 (described above), you will need to have it unlocked.
You may use the online utility to unlock your account or reset the password. The link is found here:
https://www.oakland.edu/uts/faculty-and-staff-services/ban-reset
For help on using the utility, visit the Banner Unlock Reset Help document. Please note that the reset utility must be used while on campus connected to a wired port.
If you are a temporary employee, then the online utility cannot be used. In this case, please submit the Banner - Unlock Account/Reset Password (Guest,Shared,Other) form as found on the Forms Page. This option will require you to pick up your password from 220 Dodge Hall with valid ID. After you have received the new password, you can refer to the above paragraph on expired passwords.
Additional Support
	- OU Technology Center
- 44 Oakland Center
- Rochester, MI 48309-4479
- (248) 370-4357
- Office Hours: M-F 8:00am - 5:00pm