The documentation of REGCrossCertifyID isn't clear about which IDs can be cross certified.
When you use a normal notes.id you always receive the error:
Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
But there isn't a way to specify the password for the user.id at all.
Hence there should be a provision to specify the password in the code.