Understand and Utilize EDGAR CIKs, Passphrases, and Access Codes

Oct. 5, 2023

Jump to sections:

Overview of access codes associated with each EDGAR account

There are five (5) different significant pieces of information associated with each EDGAR filer account:

  1. A central index key (CIK) number, a unique number the SEC assigns to each EDGAR filer. It is used with a password for login identification and identifies the submitter—which could be a registrant, a non-registrant, a filing agent, or a training agent. You can log in to EDGAR using any valid CIK-password combination. 

    The CIK:

    • Is made available to the public. 
    • Allows the SEC to differentiate between filing entities with similar names.
    • Is a permanent identifier; it may not be changed and never expires.
    • Is assigned regardless of whether filings are made on EDGAR or submitted to the SEC in paper.

    The CIK is also used with the CIK confirmation code (CCC) in submissions to identify the registrant.

    If you already have a CIK but have forgotten, misplaced, or otherwise want to change it, you may look it up by searching for your company name using the EDGAR company search.

    Regarding training agents—training agents may only send test submissions.

    Regarding broker-dealers—a broker-dealer does not request a new CIK. As a result of their initial registration with FINRA and the CRD feed that comes into EDGAR, broker-dealers are already assigned a CIK. Broker-dealers who wish to begin filing electronically on EDGAR must submit a Form ID application by following the Apply for EDGAR Access: Applicants With a CIK but Without EDGAR Access Codes on the EDGAR Filer Management Website.

    Regarding filing agents—filing agents may have several CIKs for accounting and management purposes. For example, a filing agent may use a different CIK for each operating office, each industry group, or for certain categories of filers on whose behalf they make an SEC filing. If a filing agent is submitting filings on behalf of another entity, the filing agent must use one of their filing agent CIKs to log in to EDGAR along with the entity’s CIK and CCC to transmit the filing. If a filing agent is making filings on their own behalf, however, they must use the filing CIK assigned to them.

  2. A passphrase, consisting of eight (8) characters, that filers create during the process of applying for EDGAR access (Form ID). The passphrase:

    • Consists of eight characters having at least one number (0-9) and at least one special character (@, #, $, *). 
    • Is case-sensitive and you must use it exactly as created, either upper case or lower case.
    • Never expires.
    • Is a very sensitive code that should be strictly controlled; access to it within your organization should be extremely limited.

    Use the EDGAR Filer Management Website to submit a request for a new passphrase; the request must be accepted by the SEC.

  3. A CIK confirmation code (CCC) used in conjunction with the CIK to ensure authorization for filings and to retrieve and edit data. A CCC:

    • Consists of eight characters having at least one number (0-9) and at least one special character (@, #, $, *). 
    • Is case-sensitive and you must use it exactly as created, either upper case or lower case.
    • Never expires, but can be changed by the filer at any time by using your PMAC.
    • Can be re-generated at any time by using your passphrase.

    Use of the CCC in submission headers. Because the CCC is case-sensitive, if you use lower case letters when the CCC is created or changed, you must use lower case letters when entering the CCC in the submission. To avoid confusion, we do not use the number 1 (one), the lower-case letter “l” (el), the number 0 (zero), or the capital letter O (oh) in assigning codes. We suggest that you also avoid using these numbers and letters when changing your CCC. You will need both a CIK and its corresponding CCC to submit a filing.

    Releasing the CCC to filing agents and financial printers—if you use a filing agent, you may release the CCC to your agent because you must include a CCC in your submission. When a third-party agent submits a filing for you, the agent uses its own login CIK and password to establish authorization to make a submission. However, the agent must use your CIK and CCC in your submission in order to identify you as the entity for which the submission is being made.

    Changing your CCC—we recommend that you change your CCC after a third-party filing agent has used it for a submission on your behalf. This will prevent the filing agent from inadvertently making unauthorized filings using your access codes. (This can occur if a filing agent does not carefully check the codes it uses in a filing prior to submitting it). You may also want to change your CCC for security purposes. 

  4. A password that allows you to log into the EDGAR system and change the CCC. Since a CIK is public information, this second, confidential code is necessary to ensure that whoever is logging into EDGAR is authorized to do so. EDGAR uses your password in combination with a CIK to identify the entity making a submission. 

    The password: 

    • Consists of 12 characters having at least one number (0-9) and at least one special character (@, #, $, *). 
    • Is case-sensitive and you must use it exactly as created, either upper case or lower case.
    • Can be changed at any time by using your PMAC.
    • Can be re-generated at any time by using your passphrase.
    • Expires annually from the date you created it or was last changed so please ensure you change your password annually via the EDGAR Filing Website. When you access the EDGAR Filing Website or EDGAR Online Forms Website, you will see your password's expiration date in red at the top of the screen.

    Although your CIK is public and you may give it and the CCC to your agent to make submissions on your behalf, you should hold your password in strictest confidence.

    Please note that as of September 2019, passwords have changed from an eight (8) to a twelve (12) character format. Your 8-character password created before this time will still be valid until its expiration date. We suggest you change it to 12 characters when prompted.

  5. A password modification authorization code (PMAC) that allows you to change your password. 

    The PMAC:

    • Consists of eight characters having at least one number (0-9) and at least one special character (@, #, $, *). 
    • Is case-sensitive and you must use it exactly as created, either upper case or lower case.
    • Never expires.
    • Can be re-generated at any time by using your passphrase.
    • Is a very private code, and only one or two persons in an organization should know it.

    If you misplace or have forgotten your PMAC, you may generate a new set of EDGAR access codes (CCC, password, PMAC) via the EDGAR Filer Management Website using your passphrase.

The CCC, password, and PMAC are referred to as access codes. To protect the integrity and security of the data you send, you must limit the number of people who know your access codes.

The SEC does not keep these codes on file. It is the responsibility of the individual designated as the contact for EDGAR on the Form ID to provide these codes to the EDGAR filing parties, and to keep the codes secure. Section 16 filers must provide their EDGAR codes to their EDGAR contact at each of the companies for which they are insiders if the companies are going to file on their behalf. Only ONE set of EDGAR codes will be valid for each individual, so it is essential that all relevant companies be given the codes. Only one Form ID should be submitted for a registrant or an individual applicant.

Filing agents should use their own CIK and password each time they logon to EDGAR, even if their filings relate to different registrants.

 

Generating access codes after your Form ID is approved

After your Form ID is approved, you will receive an email from the SEC including your central index key (CIK) number, which is a unique publicly-available number the SEC assigns to each filer. Retain a record of your assigned CIK.

You must then generate the three (3) EDGAR codes that you will need to log in to EDGAR using the EDGAR Filer Management Website. The three access codes are:

  • A CIK confirmation code (CCC) used in conjunction with the CIK to ensure authorization for filings and to retrieve and edit data.
  • A password that allows you to log into the EDGAR system, submit filings, and change the CCC.
  • A password modification authorization code (PMAC) that allows you to change your password.

Please refer to the Form ID FAQs if you have not yet submitted a Form ID and therefore, do not have a central index key (CIK) number. If you are not certain if your company has an existing CIK, you may look up your company name using the EDGAR company search.

 

Generating access codes—new and replacement

You should generate new access codes if you:

  • Are a new filer;
  • Forgot your password or your password has expired;
  • Forgot one or all of your access codes (PMAC, CCC, and password); or
  • Would like to generate new access codes for security purposes.

Please follow these steps:

  1. Go to the Filer Management Website and click Press Here to Begin.
  2. Click Generate Access Codes from the menu options.
  3. Input your CIK and passphrase (the 8 character code you created in your Form ID application) and select Generate Access Codes.
  4. Your PMAC, CCC, and password will appear in the next window.
    NOTE:  It is recommended that you print this window and store the codes in a safe location. It may be helpful to include the date you generated these codes as the password expires annually (see below for how to update your password).

Please note that the PMAC, CCC, and passphrase never expire.

Existing filers
If you have forgotten your password, PMAC, or CCC you will have to generate a new set of access codes using your CIK and passphrase.

If you have forgotten your passphrase, you will need to submit a request to update your passphrase in order to generate new access codes.

The passphrase should be strictly controlled by your organization as it allows you to generate new access codes for your filing entity.

Please do not call Filer Support asking to retrieve or reset your access codes. The filer must generate its own codes using the EDGAR Filing Websites.

Updating the passphrase

If you have forgotten your passphrase, you will need to submit an update passphrase request on the EDGAR Filer Management Website. This request can be made through either the security token or manual update processes.

Updating the passphrase—security token process

  • Use only if you have access to the email on file.
  • Sends a security token—used to generate a new passphrase—to the email on file.
  • Is instantaneous and does not require a waiting period of 2 business days.

Follow these steps to submit an update passphrase request through the security token process.

  1. Go to the EDGAR Filer Management Website and click Press Here to Begin.
  2. On the left-hand side menu, click the Update Passphrase option.
  3. A new window will pop up with three options. Choose Request Security Token to Update Passphrase.
  4. Type in the CIK that requires a new passphrase and then a Reason for Update (e.g. “forgot my passphrase”).
  5. Select Continue. Within the next few minutes, an email—containing your security token—will be sent to the address on file with the CIK. 
  6. Manually type the security token number into the box marked Security Token.
  7. Now create your new passphrase, which must be exactly eight (8) characters, all lowercase. It also must contain one of the four (4) special characters listed, at least one number, and at least one letter. 
  8. Type the passphrase again to confirm and then submit. The system will return an accession number to confirm your passphrase has been updated. 

Updating the passphrase—manual update process

  • Use only if the email on file is not current or is missing, or if you are otherwise unable to use the security token process.
  • Requires a signed and notarized attachment.
  • Requires a manual review and can take a waiting period of 2 business days.

Follow these steps to submit an update passphrase request through the manual update process.

  1. Go to the EDGAR Filer Management Website and click Press Here to Begin.
  2. On the left-hand side menu, click the Update Passphrase option.
  3. A new window will pop up with three options. Choose Update Passphrase (manual) > enter your CIK > check Yes if you have authority.
  4. Now create your new passphrase, which must be exactly eight (8) characters, all lowercase. It also must contain one of the four (4) special characters listed, at least one number, and at least one letter. Type the passphrase again to confirm.
  5. The system will then display what the form will look like upon printing. Click Print Window.
  6. If necessary, make any adjustments to the contact information by manually crossing it out and replacing it with legible handwriting or text. The SEC will use the contact name and phone number to call the individual and confirm the passphrase update, so please ensure you are listing the relevant individual. Once access codes are generated, this information can be changed by updating your company information.
  7. This form must be manually signed by an authorized person and notarized, and a power of attorney must also be included if necessary. The notary seal or stamp must be clearly visible.
  8. Scan in the document(s) if necessary and save as a .pdf file. 
  9. In the same window, click Upload/Delete Attachments and then click Upload Attachment to attach the document. Change type to CORRESP > type an optional description > click Upload.
  10. Next click OK. The system will then take you to a page where you will then click Submit. The system will return an accession number to confirm that your passphrase request has been submitted for manual review. Record the accession number for future reference.
  11. Wait 1-2 business days for the SEC to approve your request. Notification will be sent via e-mail to the EDGAR contact on file. You may also call Filer Technical Support to check on the status (202-551-8900, Option 3).

Changing the CIK confirmation code (CCC)

You should consider changing your CCC for security purposes if the following apply:

  • A former staff member held the CCC and is no longer employed by your company.
  • A third-party filing agent has submitted filings on your behalf.

Follow these steps to reset your CCC at either the EDGAR Filing or EDGAR Online Forms Websites.

  1. Enter CIK and password.
  2. Select Retrieve/Edit Data.
  3. Enter CIK and CCC numbers.
  4. Select Change CCC.
  5. Enter CIK number.
  6. Enter Password.
  7. Enter new CCC.
  8. Confirm new CCC.
  9. Select Change CCC.

Changing the password

The EDGAR password expires annually, 12 months after it was created or last changed, and must be changed before the expiration date. The expiration date of your password is visible in red at the top of the screen when you access the EDGAR Filing or EDGAR Online Forms Websites.To change your password, you must have a valid password modification authorization code (PMAC).

You can change your password using the EDGAR Filing or EDGAR Online Forms Websites. Follow these steps:

  1. Enter CIK and password.
  2. Select Retrieve/Edit Data.
  3. Enter CIK and CCC numbers.
  4. Select Change Password.
  5. Enter CIK number.
  6. Enter old password.
  7. Enter new password twice.
  8. Enter PMAC.
  9. Select Change Password.

Locked out of EDGAR because your password has expired?

If you allow your password to expire, you will be locked out of EDGAR and will need to generate a new set of EDGAR access codes (PMAC, password, CCC) via the EDGAR Filer Management Website using your passphrase.

If you have also forgotten your passphrase, you must request a new passphrase (also via the EDGAR Filer Management Website) before you can generate a new password. In this case, your request for a new passphrase must follow the Updating the passphrase—manual update process described above, which requires the submission of a signed and notarized authenticating document. So be sure to keep your password up to date.

Sharing access codes

You should limit the number of people with whom you share your access codes to protect the data submitted.

For security purposes, the SEC recommends changing your CCC after it has been provided to a third-party filing agent. 

Last Reviewed or Updated: June 5, 2024