What is two-factor authentication?
Two-factor authentication is a process by which two independent authentication methods (such as a security code produced by a physical token in addition to a user name and password) are utilized to increase confidence that an individual attempting to access a secure system is authorized to do so.
Why is two-factor authentication required?
The State Regulatory Registry (SRR) is implementing this feature in connection with the Federal Registry to satisfy federal data security standards requiring individuals who have access to personally identifying information to provide an additional level of verification prior to gaining access to the information.
Which NMLS users will be subject to two-factor authentication?
NMLS will require any Federal Registry user who has access to more than one individual’s personally identifying information (i.e., information that is not his or her own) to use two factors of authentication to access the Federal Registry. The following Federal Registry users will be subject to two-factor authentication:
- Institution Users (i.e. Account Administrators and User Accounts)
- Federal Agency Users
- Support Users (i.e., NMLS Call Center and SRR staff)
Will each mortgage loan originator be subject to two-factor authentication requirements?
No. Individual mortgage loan originators who only have access to their own personally identifying information will only need their system-generated user name and password to access NMLS.
How will two-factor authentication work?
Registry users will be required to register and provide credentials to gain access to the system using SRR's contracted two-factor authentication vendor VeriSign. Users subject to two-factor authentication will have to acquire a credential directly from VeriSign, pay an annual subscription fee to NMLS and register their credential with NMLS.
When should I obtain my credential and which type of credential will be required?
Credentials can be obtained now at the VeriSign Identity Protection Center website. See 
Quick Guide: Choosing a Verisign Security Credential for more information about choosing a credential. Institutions are encouraged to obtain credentials prior to the opening of the Federal Registry.
Do I have to pay any fees for two-factor authentication?
Yes, users will need to pay an annual subscription fee of $55 for each NMLS user account that requires two-factor authentication. See the request for public comment on proposed Federal Registry fees for further information. Institutions will have the ability to pay the subscription fee on behalf of its users. In addition, users may need to pay for their credential, depending on which credential type they choose.
If I already have a two-factor credential through VeriSign do I have to purchase another one to use for NMLS?
No, if you have a VeriSign Credential you will be able to register and use it with NMLS and will not be required to obtain an additional one.