When you turn on your workstation in the morning, you will be greeted with the “Press Ctrl- Alt- Delete to begin” box. After you press “Ctrl- Alt- Delete” you will see the Windows Login Window asking for a username and password. Passwords can be an easy entrance for unwelcome visitors to the network. Anyone who knows an account name and password can log on using that account. Users should take care to keep their passwords secret. Do not write down your password but do choose one that is easy for you to remember Another potential security risk is that users sometimes leave their desks while their accounts are still active allowing anyone who passes by to gain access to the machine. This is an especially dangerous security threat to Administrator-level accounts To lock your Windows workstation press Ctrl-Alt-Delete and press the "Lock Workstation" button. To unlock it, press “Ctrl- Alt- Delete” again, and type in your Windows password.

Changing Your Windows Password

The first time you change your network login password after August 1, 2019 you will have different requirements for building your password. Even though the password now must be longer, it will last for 180 days rather than 30 days as we now require.

A good method for changing your password once you are logged in is to press Ctrl-Alt-Delete at the same time and click on the button that says "Change Password". Then change your password from this screen. Your Windows password is Case-Sensitive. After 3 failed attempts to log on, the system will lock your account barring anyone from logging in using your username and password. This lock will be reset automatically after 10 minutes. This is a security feature to discourage hackers from guessing your password. Windows passwords expire every 30 days, and are case-sensitive. Passwords must be at least eight (12) characters long and no longer than (127) characters long. Passwords must contain characters from three of the following four categories:

1. English uppercase characters (A through Z)
2. English lowercase characters (a through z)
3. Base numeric 10 digits (0 through 9)
4. Non-alphabetic characters (for example, !, $, #, %)

Additional Requirements

• Must not contain the user ID
• Must not have a lifespan that exceeds one hundred eighty (180) days.
• Must be different from the previous twenty-four (24) passwords.

Passwords will not be re-used for at least twelve (12) cycles. Passwords cannot contain the user’s logon name. The password cannot contain the users first or last name. If you forget your password in headquarters you can contact the KDOT IT Service Desk at 296-0315. If you are in the Districts please call your District Tech.

Within KDOT, Domain usernames and passwords are stored in what is called the DTNT domain (which stands for the Department of Transportation NT domain). The DTNT domain is a central database which uses Active Directory to keep track of valid user accounts. A problem which we encounter frequently is that users unknowingly are logging into their workstations using a local account which exists only on their workstation, not an account in the DTNT domain. To make sure that you are logging into your workstation using a DTNT account rather than a local account, press the Ctrl-Alt Delete keys and you should see a screen that says "you are logged in as DTNT\username". If this does not say DTNT\username then you are not logging into the DTNT Domain, but only locally on your workstation. If you are logging in locally please contact the KDOT IT Service Desk or your District Tech to get this corrected.

Your Domain username and password (specifically the DTNT username and password) is also the username and password needed to access KDOT’s Intranet from home. When you try to get into / from home you get prompted for a username and password, this is your Domain username and password. If you do not have Windows at work you can still get a domain username and password assigned in order to access KDOTWEB from home by contacting the KDOT IT Service Desk.

If you are using ROSKAN, CICSP or TSOQ you are using a mainframe "Top Secret" userid and password. If you use Crystal, VB .Net, SQL Server, Oracle to select DB2 data, you use a mainframe "Top Secret" userid and password to authenticate. "Top Secret" userid and password to authenticate. Every KDOT userid will be DT99XXX. All userids start with DT. The 99 represents the bureau or district number. The XXX are either your initials or a previously specified three character designation for area or district headquarters.

Top Secret restrictions are as follows:

1. Password must be 8 characters in length.
2. Each password must contain at least one letter. Each password must contain at least one number.
3. Each password may use the special character @, # or $.
4. Upper case and lower case are transformed to upper case and stored in Top Secret.
5. No letter, number or special character may be immediately repeated; for example, gere2013 is OK but geer2011 is not.
6. The first three characters in the password may not be reserved words; for example, MAR (month), MON (day of the week), PRI or DEL (verbs used by software).
7. Passwords can not contain 3 consecutive characters of your name.
8. Your previous 12 passwords are remembered and cannot be reused within that 12 password cycle.
9. Passwords can be changed biweekly and must be changed every 31 days.

Helpful Hints for Multiple Passwords

(KDOT Ethernet System network password requires the use of 3 out of the 4 categories: alphabetic uppercase, alphabetic lowercase, digits, Non-alphabetic Characters)

• If use only Mainframe and Windows network you must use 8 characters and limited to @ # $ as non-alphabetic characters: Examples: Comes2me Ppcrn#bl Iwk4KDOT
• If you use only the Windows network or do not care if it is synched with your other passwords you have many choices. Examples: Come2^fair Moonjumpedover^cow

To check your leave balances, view your paycheck online, or update your W-4 information, you can sign in to the Self Service Center on the Department of Administration’s Website. If you have forgotten your password or have locked your account you may call the NCC Help Desk.

The following is a list of reserved words (the list changes with each successive software release). It is the default Restricted Password List. No passwords may begin with any of the strings from this list (but the strings may appear within a password, e.g. DOCTOR).

• APPL
• APR
• ASDF
• AUG
• BASIC
• CADAM
• DEC
• DEMO
• FEB
• FOCUS
• GAME
• IBM
• Jan
• JUL
• JUN
• LOG
• MAR
• MAY
• NET
• NEW
• NOV
• Oct
• PASS
• ROS
• Sep
• SIGN
• SYS
• TEST
• TSO
• VALID
• VTAM
• XXX
• 1234