Access Manager: Password Reset Reminders Enhancements
Last year we announced that we were further enhancing our access management standards, to ensure your data is always protected. As part of that enhancement, we started requiring system-to-system (S2S) credentials for Freddie Mac tools be reset every 365 days or else the account’s password would expire, and the account would be locked until the password is reset. Users and administrators are alerted with emails 90 days, 60 days, and 30 days out, if they’re in danger of having their passwords expire, leading to a disruption in access.
Freddie Mac also implemented a process to disable any S2S accounts that have not been utilized in 365 days. On October 1, 2022, Freddie Mac Access Manager will begin copying administrators on email notifications that are sent out 30 days prior to the S2S account being disabled to ensure administrators are aware and can either utilize the account before it is disabled or allow the account to be disabled by the automated process.
Additionally, administrators have the option to add an alternate email address for S2S accounts to receive password reset reminder alerts.
Here’s more information about the enhancements in this Access Manager release:
Administrator Email Notifications
Administrators will be copied on 90 -, 60 -, 30 – day password reset reminder notifications and 365-day inactivity emails so they’re aware that a user’s S2S account requires a password to be reset or the account is in danger of being disabled due to inactivity.
We’ve also added the option for administrators to provide an alternate email for S2S accounts, to which password reset reminder notifications can also be sent. We encourage administrators to consider making this alternate email a shared or group email box to make it more likely that the message is received and decreases the chance that the message gets lost if an administrator leaves the company.
Below is what administrators will see if they decide to add an alternate email address: