Managing ESR Passwords
To further help our ESR users manage their ESR Password more easily, but retain the recommended levels of security, we are making some further changes to the rules.
Why are we changing the rules?
We have listened to employee feedback about the challenges of Password management in ESR and understand that this is an area that can cause frustration for users. As the national workforce management system for the NHS it is vitally important that we safeguard the security of your data whilst balancing the need to make logging into ESR as easy as possible.
Our Password rules have always aligned with guidelines set out by the National Cyber Security Centre - https://www.ncsc.gov.uk/ but understand that further changes need to be made to help NHS employees when they need to reset their Password.
What are we doing?
We have simplified our policy whilst ensuring that we retain the recommended rules.
Since April 2021:
There has been no expiry period enforced by default for Passwords on new ESR accounts. We strongly encourage NHS Organisations to consider the use of expiry periods on employee user accounts if you are still using them.
From August 2021:
We will remove the repeat/sequential character rule. This will leave 3 rules for Password requirements (as listed on the password reset page):
- Minimum password length of 12 characters.
- The password cannot be the same as any of the previous 4 passwords.
- Commonly used passwords, such as “password1”, are not allowed.
To help NHS employees and Organisations we are currently developing a new Password Help section on the ESR Hub. This will have simple guidance that will help employees better manage their ESR Password and provide guidance for NHS Organisations about how they can help remove the pain points of ESR Passwords for their Employee Self Service users.
The new Password Help section of the ESR Hub will be available from 13:00 on Friday 30th July 2021.
Your online payslip is waiting for you - before pay day
Whilst you might know when your pay day is, do you know when your Organisation releases your payslip for you to view online via ESR? Some Organisations release payslips to employees up to six days before pay day, giving their employees the opportunity to check their salary before it gets paid into their bank account.
An enhancement to ESR at the end of December 2020 enabled NHS employees with access to ESR Employee Self Service to opt into online payslip email notifications. Once selected this switches on the email functionality and you receive an email (to the email address that is saved in ESR) when your latest online payslip is available to view. You can then login to ESR to view, download and print off your payslip if you want to - giving you control of accessing your pay data, when and where you want via your computer, mobile phone or tablet.
By May 2021, 5 months after the enhancement was launched, over 390k employees had opted into this notification feature and received an email advising them that their payslip was available online. This figure continues to increase month-on-month as more NHS employees opt to use online payslips.
There are over 1.88 million NHS employees who have switched to online payslips; this is over 81% of NHS employees who use ESR that now don’t receive a paper payslip. This is helping NHS Organisations save on postage, distribution and administration costs, helping to reduce the NHS Carbon Footprint and supports a cleaner, greener environment.
If your Organisation is yet to make the switch to online payslips, you don’t have to wait. You can opt out of paper by simply clicking the opt out button on the payslip/P60 portlet in ESR.
For more information visit the ESR Hub at https://my.esr.nhs.uk/dashboard/web/esrweb/implementing-online-payslips or contact your NHS ESR Functional Account Manager.