My web
Policy for User IDs and System IDs
See the below details and practices for User IDs and System IDs.
| ID Type | Purpose of ID | ID Restrictions | Password Reset Frequency Required | Who Can Manage? |
|
User ID
|
To allow an end user to access the user interface (UI) of a Fannie Mae application
|
Not to be used for application-to-application integration nor shared amongst end users
|
Reset password every 30, 60, or 90 days Exception: Federated users will follow their organization password reset requirements and do not need to reset password for Fannie Mae credentials every 30, 60, or 90 days |
Corporate Administrators
|
|
System ID
|
For application to application integration
|
Not to be used to access the user interface (UI) of a Fannie Mae application other than for the purpose of authorizing access to a Fannie Mae data integration
|
Reset password / SSH keys (B2B/SFTP transactions only) every 365 days
|
Corporate Administrators see Managing System IDs for a Corporate Administrator User Administrators (only if the Customer Profile doesn’t allow for a Corporate Administrator). See Managing System IDs for User Administrator |
Passwords Criteria:
- Be exactly 8 characters long
- Contain at least 1 numeral
- Contain at least 1 capital letter
- Contain at least 1 of @ or _ or -
SSH Key Criteria:
RSA 2048 bits (3072 bits or greater recommended) or ED25519 (greater than or equal to 256 bits)