Two-Factor Authentication

What is two-factor authentication?
Two-factor authentication is a process by which two independent authentication methods (such as a security code produced by a physical token in addition to a user name and password) are utilized to increase confidence that an individual attempting to access a secure system is authorized to do so. 

Why is two-factor authentication required?
The State Regulatory Registry (SRR) is implementing this feature in connection with the Federal Registry to satisfy federal data security standards requiring individuals who have access to personally identifying information to provide an additional level of verification prior to gaining access to the information. 

Which NMLS users will be subject to two-factor authentication?
NMLS will require any Federal Registry user who has access to more than one individual’s personally identifying information (i.e., information that is not his or her own) to use two factors of authentication to access the Federal Registry. The following Federal Registry users will be subject to two-factor authentication:

  • Institution Users (i.e. Account Administrators and User Accounts)
  • Federal Agency Users
  • Support Users (i.e., NMLS Call Center and SRR staff)

Will each mortgage loan originator be subject to two-factor authentication requirements?
No. Individual mortgage loan originators who only have access to their own personally identifying information will only need their system-generated user name and password to access NMLS.

How will two-factor authentication work?
Registry users will be required to register and provide credentials to gain access to the system using SRR's contracted two-factor authentication vendor Symantec (formerly known as VeriSign). Users subject to two-factor authentication will have to acquire a credential directly from Symantec, pay an annual subscription fee to NMLS and register their credential with NMLS. 

When should I obtain my credential and which type of credential will be required?
Credentials can be obtained on the Symantec website. See Quick Guide: Choosing a VIP Security Credential for more information about choosing a credential. 

Do I have to pay any fees for two-factor authentication?
Yes, users will need to pay an annual subscription fee of $55 for each NMLS user account that requires two-factor authentication.  See the request for public comment on proposed Federal Registry fees for further information.  Institutions will have the ability to pay the subscription fee on behalf of its users. In addition, users may need to pay for their credential, depending on which credential type they choose. 

If I already have a two-factor credential through Symantec do I have to purchase another one to use for NMLS?
No, if you have a Symantec Credential you will be able to register and use it with NMLS and will not be required to obtain an additional one.