My web
Requirements for User and System IDs
Below are details and practices for User and System IDs.
| ID Type | Purpose of ID | ID Restrictions | Password Reset Frequency Required | Who Can Manage? |
|
User ID
|
To allow an end user to access the user interface (UI) of a Fannie Mae application
|
Not to be used for application-to-application integration nor shared amongst end users
|
Reset password every 30, 60, or 90 days Exception: Federated users will follow their organization password reset requirements and do not need to reset password for Fannie Mae credentials every 30, 60, or 90 days |
Corporate Administrators
|
|
System ID
|
For application to application integration
|
Not to be used to access the user interface (UI) of a Fannie Mae application other than for the purpose of authorizing access to a Fannie Mae data integration
|
Reset password / SSH keys (B2B/SFTP transactions only) every 365 days
|
Corporate Administrators see Managing System IDs for a Corporate Administrator User Administrators (only if the Customer Profile doesn’t allow for a Corporate Administrator). See Managing System IDs for User Administrator |
Passwords Criteria:
- Be a minimum of 8 and a maximum of 256 characters long
- Contain at least 1 numeric character
- Contain at least 1 uppercase letter
- Contain at least 1 special character. Allowed special characters include: ! @ # $ % ^ * ( ) _ + = - ` ~ [ ] \ { } | ; : , . / ?
SSH Key Criteria:
RSA 2048 bits (3072 bits or greater recommended) or ED25519 (greater than or equal to 256 bits)