Return to the
EBIS Page
Updated 30
Dec 02
Q. What kinds of security
measures safeguard this site?
A. There are three processes used by the Web
site that provide protection against unauthorized disclosure: the use of Secure Sockets Layer (SSL), the
UserID and password authentication and/or DoD PKI Certificate in accessing
AFPC Secure, and use of Social Security Number (SSN) and PIN authentication
within the personal transactions areas of EBIS.
Q. What is Secure Sockets Layer (SSL)? What does it do for me?
A. Secure Sockets Layering (SSL) is an Internet
protocol that provides encryption of data between your browser and the
server. Encryption means your password
and all information relating to you and your account is scrambled and locked
with a mathematical key during the electronic transfer. In point-to-point
encryption, the information is scrambled and locked at both ends. A Web site that is secured with the SSL
protocol has an address that begins with “https://” instead of the one you
are probably more familiar with (http://). You will see the https:// in the address bar of your browser when you
connect to the secure pages of the Web site.
Q. How do I know SSL is working?
A. Most browsers have an icon such as a key or
a padlock on the status bar to represent an encrypted mode or session. A broken key, open lock, or no lock
indicates the session or mode is not encrypted. To check whether you’re using 128-bit
encryption, for Internet Explorer, check “About Internet Explorer” under
“Help.” All versions of Netscape
beginning with version 4.76 provide 128-bit encryption.
Q. What is a browser?
A. A Web browser is the mechanism (an
application on your Personal Computer) used to connect to and surf the
Web. Two of the most common Web
browsers are Microsoft’s Internet Explorer (IE) and Netscape’s Communicator.
Q. What
browsers can I use?
A. Your browser must support SSL and 128-bit
encryption in order to operate within the Web site. Both Internet Explorer Version 5.5 and
higher and Netscape Communicator 4.7 and 6.2 have been tested on the Web site
and are best used. However, if your
browser is configured with SSL and 128-bit encryption it should work (i.e., Spry
Mosaic and numerous other Commercial browsers, including lower versions of
Internet Explorer and Netscape Communicator).
Q. What if I get a timed-out response?
A. You will get a time out error if the session
has expired, if you have bookmarked a page other than the login page, or if
the Web Server you are talking to is rebooted. The session will expire 15 minutes after the
last time you click on a button or click on a link within AFPC Secure. While this includes clicking on a link to go
into a protected application, that starts a separate session within that
application with a separate timer. In
any case, if you get a timed-out error you will need to "Return to Login
Screen" and log in again.
Q. Do I have to accept cookies?
A. Our security relies on a single
"cookie" being sent to your browser which identifies that browser
as a valid source for requests once you log in. If your browser's security is set to not
accept cookies, or if you do not accept the ASP Session ID cookie you will
not be able to enter any of our secure sites. To configure Internet Explorer browser to
accept cookies, click on Tools on the toolbar, then on Internet Options. Select the Security tab, then click on
Custom Level at the bottom of the window. Then scroll down until you see Cookies. Select Enable for both Cookie options. The exact route to the Internet Options
Security selections may vary depending on your version of Internet Explorer. To change in Netscape, click on Edit on the
Toolbar. This will activate a
Preferences Dialog Box. Click on Advanced. Click on "Accept all cookies". If you prefer, you may click on "Warn me
before accepting a cookie". Click
on OK.
Q. I’m confused. What’s the difference between the AFPC
Secure Web site and the EBIS Web application?
A. EBIS is
one of several secure web applications available to Air Force-serviced
appropriated fund civilian employees. Another one is the Electronic Official Personnel Folder (EOPF). Before you can access these applications,
you must first log into the AFPC Secure web site.
Q.
How do I setup my UserID and password?
A. On
your first visit to the AFPC Secure Web site, you may have the option of
logging into AFPC Secure via a UserID and password, or via DoD PKI
Certificate (CAC card and PIN). More
information on logging in via DoD PKI Certificate can be found below. We recommend that you set up a UserID and
password because you may w ant to access AFPC Secure from your home computer
or from another workstation. (However,
if you first access AFPC Secure via DoD PKI Certificate, you will need to log
on to AFPC Secure via DoD PKI Certificate to set up a UserID and
password.) When you reach the AFPC
Secure Login Page, click on the “Civilian” button. The system will require you to enter your
social security number, service computation date (SCD) for leave, civilian
pay plan, grade, and step. You can
find this information on your most recent Leave and Earnings Statement (LES)
or SF 50 (Notification of Personnel Action). The system compares this information against
the Civilian Personnel database to verify that you are an authorized user. Once your identity is verified, the next
page assists you in setting up your UserID and password. You may establish your own UserID or allow
the application to default to the first four letters of your last name and
the last four digits of your SSN. Your
UserID, which is not case sensitive, must be at least 6 characters but not
more than 10 characters in length. You
must also provide a valid e-mail address and a DSN phone number which are
used for verification purposes. If you
don’t have a valid e-mail address, contact one of the commercial providers of
free e-mail to obtain an e-mail account. Once the system accepts your UserID and password, it will send you
back to the Login Screen where you will input your UserID and password and proceed. Don’t forget to set up four password
re-validation questions and answers while logged in.
Q. What is a good password?
A. Your password must be at least 8
characters but not more than 10 characters in length and cannot be the
same as your UserID. The password must
contain a combination of at least 3 of the following 4 characters: uppercase
letters (A-Z), lowercase letters (a-z), numerals (0-9), or non-alphanumeric
"special characters" (i.e., @, #, !, %). Never select a password that is related to
your personal identity, history, or environment. Never select a word that can be found in a
dictionary. A simple method for
developing a password is to create a phrase that you can remember and use the
first letter of each word for your password.
Q.
How do I know what my BEST PIN is?
A. To
make it easier for you, your BEST PIN is the same for the WEB application as
it is for the BEST automated phone system. Your original PIN is your
month and year of birth (MMYY). After 4 Nov 98, you are required to change to a six-digit numeric
PIN. Within each EBIS transaction module (i.e., Retirement, Health,
Life, and TSP), you must provide your SSN and current BEST PIN. If you
are still using a four digit numeric PIN, the system will request you change
to a six-digit numeric PIN. This will become your BEST Phone
and Web PIN.
Q. Can I change my PIN?
A. You can change your PIN as many times, and,
as often, as you want once you have entered the EBIS area. Click the
"PIN" button on the main menu. This will link you to the PIN
Menu. On this page, you can process any one of three actions:
"Change my PIN," "I don’t remember my PIN," or
"Create a PIN."
- To change your PIN, key in your SSN and your current
BEST PIN (4 or 6 digits), then your NEW BEST PIN (6 digits), and
then re-enter the new PIN for verification (6 digits).
- If you don’t remember your PIN, you will key in your
five identifying elements: SSN, date of birth, SCD for leave, pay
plan, grade, and step, new BEST PIN (6 digits), and then re-enter the
new PIN for verification (6 digits).
- Creating a PIN requires you to input your SSN, date
of birth, new BEST PIN (6 digits), and then re-enter the new BEST PIN
for verification (6 digits). We recommend you change your PIN,
especially if you feel it has been compromised.
Q. What if I forget or lose my PIN?
A. When you enter a transaction module in
EBIS, you will be prompted to enter your SSN and PIN. If you have
forgotten your PIN or entered an incorrect guess, you will receive an error
message that says "Invalid Login" or "Pin Not
Found." Click on the "Back" button on your browser.
This will return you to the login page. Click the "PIN"
button on the main menu. Next click on "I don’t remember my
PIN," and follow the steps set forth above. Once you provide the
five pieces of security information, and the system validates the information
is correct, you will be allowed to select a new six-digit numeric pin.
Q. If I change my PIN while in the EBIS web
application, will that also be my PIN in the BEST automated phone system?
A. Yes, if you change your PIN in the EBIS Web
application, you will need to use that same PIN in the BEST automated phone
system. The same process works in
reverse. If you change your PIN in the BEST automated phone system, you
will need to use the same PIN in the EBIS Web application. If, for
whatever reason, you have forgotten your PIN, just go through the applicable
phone or web process to select a new pin.
Q. How many chances will I have to log in?
A. You will have a total of nine (9) chances
to log in before your account is locked. If you get locked out due to forgetting your password, contact the DPC
TAC on the login page who will assist you. If you mistype your password, check to be sure the Caps Lock key was
not inadvertently pressed and try again. Passwords are case sensitive. If you have not logged in to your account within 120 days you will be
required to re-create the account by again providing the five (5) pieces of
personal information, a phone number, and a valid e-mail address. Please try to re-create your account before
contacting the DPC TAC if you have not used AFPC Secure in several
months. If you have used your AFPC
Secure account within the last 120 days, try to re-create your password (this
assumes you established the four questions/answers previously).
Q. How do I access AFPC Secure using my DoD PKI certificate (CAC card) or
software certificate?
A. Make sure you have downloaded the
certificate authorities for the DoD PKI to your browser and that it has been
configured with your DoD PKI certificate. Then access the AFPC Secure Web Site Login Page. A Client Authentication dialog box will
appear. If your name and certificate
number appear in this box, click OK, insert your CAC card into the reader on
your computer, and enter your CAC PIN at the prompt. If you have previously accessed AFPC
Secure, you will then be given access to the secure web applications. However, if this is your first time ever to
access AFPC Secure, the system will then prompt you to enter your SSN when
presented with a page that asks for it. Select the appropriate database, either Military, Civilian, or
Contractor (Other). Next enter your
DSN phone number (required), your FAX phone number (optional), and a valid
e-mail address (required). Click
Submit and you will be done.
Last Updated:
03/26/2004 09:02 AM
(dhp)
For specific questions concerning programs on this site, please address to the POC listed on the respective pages. For information on Air Force Employment, see the Employment Homepage or send E-Mail to the Recruitment Center. For all benefit and entitlements related issues, contact the BEST at 1-800-616-3775 (TDD 1-800-382-0893, or (210) 565-2276 in the San Antonio, Texas area). Send comments or questions concerning the website structure to the
Webmaster For other comments, recommendations and questions, please e-mail our
Director's Office.
|