An average REALTOR® manages unique logins for 20 or more websites, both personal and professional (think MLS, Association site, broker’s intranet, third party related sites, etc.). It is likely each of those websites has a different password policy with varying requirements for password length, letter/number/character requirements, and expiration periods. As in the old Abbott and Costello skit Who’s on First, keeping abreast of what password goes where, is an unlikely reality unless two common solutions are utilized. The prevailing method employed is to use as few password combinations as possible to ensure easy access. In other words, use the same password for every site possible. The second most common solution is writing the passwords all down on a piece of paper and storing the paper in a desk drawer. Both are ticking time bombs waiting for the right moment to blow.
The January 2012 hack of ZAPPOS® loudly reiterates the problem of using the same password across multiple sites when a breach occurs. In communications to their customers ZAPPOS® simply stated, “We also recommend that you change your password on any other web site where you use the same or a similar password.”. A breach in one site can have a cascading effect to other sites due to the commonality of passwords used. This serious problem is not unique to REALTORS®. The plethora of user IDs won’t go away any time soon. In fact, we anticipate the problem will only worsen over time as more and more sites collect user information behind the veil of login.
What is the bottom line for the MLS or Association? Jump into deploying technologies with both feet. Stop catering to the dinosaurs (of all ages) that resist change at every turn. Remove the silly obstacles subscribers encounter when gaining access to frequently used systems (such as asking them to remember multiple IDs and passwords for various systems). “Was it my NRDS number or my email address or my license number? I don’t remember.” should become the concerns of the past.
Ultimately, by deploying single-sign on (SSO) support costs will decrease and user efficiency will increase for both end users and staff. Best of all you will satisfy your subscribers with an easy means to navigate between their applications without repeatedly presenting authentication credentials in order to do so.
Stay tuned as Clareity Security continues to innovate new ways to present value and efficiency through technology tools.
Share this post: