What Is This ‘ID Administrator’ Email from DFS?

February 20, 2026

Many of you received an email earlier today from the New York State Department of Financial Services (DFS) informing you that you have been selected as an ID administrator. A lot of you contacted our office with three questions: Is this email legitimate? What does it mean? What do I have to do?

It is legitimate. The short answer to the other questions is an administrator manages access to DFS systems on behalf of the agency. It sounds more onerous than it is.

Background

If you have used applications on the DFS website for any length of time, you probably know that they have separate login credentials. For example, if you want to process a license renewal on the site, you log in with your license number and a password that’s a mashup of your date of birth and Social Security number. If you want to submit a filing related to the cybersecurity regulation, there is a separate ID and password for that. There are likely other applications that require their own login credentials, but those are the two most Big I New York members use with any regularity.

Starting later today and continuing over the weekend, DFS will halt access to those systems while they implement a new system called DFS ID. If it works as intended, DFS ID will permit a user to create a single ID and password that will give them access to various DFS applications. No longer will you have to retrieve one set of credentials to renew your license and another set to make your agency’s cybersecurity compliance filing. One ID and password will do it.

The Mechanics

DFS describes DFS ID as an “invitation only” system. They invite ID administrators and the administrators invite others in the organization to be users. Different users in an agency have different roles in the system (read more about those roles in the system user guide.) An administrator can invite other users, assign them roles, delete them if they leave the agency, name someone else as an administrator, and so on.

Every regulated organization must have at least one ID administrator and can have more than one.

It is important to know that, once DFS ID is live, the only way to access applications such as LINX is through that system, and you must have credentials to log in to it. That’s what makes ID administrators important – they can manage that access for their agencies.

Lastly, DFS ID will require multi-factor authentication (MFA), just as agencies must have in place under the cybersecurity regulation. Administrators will need to download and install an authentication app (Google Authenticator and Microsoft Authenticator are probably the most popular) on their smartphones to get the code required for MFA. Many of you may already have an app like that for your agencies or personal use.

Helpful Resources