So many systems, so many logins, so what?

Posted by on March 30, 2012 · 6 Comments 

An average REALTOR® manages unique logins for 20 or more websites, both personal and professional (think MLS, Association site, broker’s intranet, third party related sites, etc.).  It is likely each of those websites has a different password policy with varying requirements for password length, letter/number/character requirements, and expiration periods.   As in the old Abbott and Costello skit Who’s on First, keeping abreast of what password goes where, is an unlikely reality unless two common solutions are utilized.  The prevailing method employed  is to use as few password combinations as possible to ensure easy access.  In other words, use the same password for every site possible.  The second most common solution is writing the passwords all down on a piece of paper and storing the paper in a desk drawer.  Both are ticking time bombs waiting for the right moment to blow.

The January 2012 hack of ZAPPOS® loudly reiterates the problem of using the same password across multiple sites when a breach occurs.  In communications to their customers ZAPPOS® simply stated, We also recommend that you change your password on any other web site where you use the same or a similar password.”.  A breach in one site can have a cascading effect to other sites due to the commonality of passwords used.  This serious problem is not unique to REALTORS®. The plethora of user IDs won’t go away any time soon.  In fact, we anticipate the problem will only worsen over time as more and more sites collect user information behind the veil of login.

What is the bottom line for the MLS or Association?  Jump into deploying technologies with both feet.  Stop catering to the dinosaurs (of all ages) that resist change at every turn.  Remove the silly obstacles subscribers encounter when  gaining access to frequently used systems (such as asking them to remember multiple IDs and passwords for various systems).  “Was it my NRDS number or my email address or my license number?  I don’t remember.” should become the concerns of the past.

Ultimately, by deploying single-sign on (SSO) support costs will decrease and user efficiency will increase for both end users and staff.  Best of all you will satisfy your subscribers with an easy means to navigate between their applications without repeatedly presenting authentication credentials in order to do so.

Stay tuned as Clareity Security continues to innovate new ways to present value and efficiency through technology tools.

Filed under BLOG · Tagged with

Troy RechAbout Troy Rech
Troy joined Clareity Security as one of the founding partners in 2004. Troy is responsible for setting Clareity’s sales strategy and driving revenue growth through existing and new vertical markets. Troy is an experienced executive bringing over eleven years of strategic management consulting experience plus ten years of real estate industry experience to Clareity. Prior to joining Clareity, Troy was a Senior Regional Manager for FNIS (now Lender Processing Services) where he was responsible for sales and account management, business development and client retention in the Southeast. Previously, Troy was a strategy consultant with A.T. Kearney, where he was responsible for delivering client projects focused on strategic planning, business operations improvement, technology integration, and strategic sourcing. In his role with Kearney, Troy worked with Fortune 500 clients such as GM, Waste Management, Kimberly Clark, Sunrise Medical and others. Troy holds a Bachelor in Business Administration from Iowa State University and a Masters in Management from Northwestern’s Kellogg School of Management. Troy is married with two young sons and currently resides in Roanoke, Virginia.

  • Wallace

    This is from the crappy software company that blocks me from signing into the MLS using LastPass or RoboForm which allows a single master password I can remember and complex generated passwords for individual sites. By the way it does it using the outdated Flash not a secure https site.

  • Troy Rech

     Wallace,  always appreciate a difference of opinion.  The primary reason we don’t allow scripted passwords is an underlying business requirement to help prevent active account sharing by MLS account holders.  My apologies for any difficulties you are having in not being able to use LastPass or RoboForm on your MLS login.

  • Lee Johansen

    I use 1Password and have to agree with Wallace. My MLS is the ONLY web based tool that doesn’t allow me to use 1Password. Even banks allow the use of password management tools like these. 

    And… since we’re chatting, your software restricts passwords to contain only letters. How secure is that? Using a password program allows a user to easily use very secure passwords using any number of characters, numbers and/or symbols. It also allows me to easily store other information such as my NRDS number.

    Since I’m rambling, your article starts by stating “an average REALTOR® manages unique logins for 20 or more websites”. I just checked my password program to see how many passwords it is managing for me and the number is 10 times that…. plus, of course the one account not managed by the password program, my MLS login. I wish I had only 20. As I was reading your article, I was anticipating that you were going to tell us that you can now use password programs with our MLS. I was disappointed and do not personally think SSO is the answer to security. 

  • Troy Rech

     Hi Lee,

    Thanks for taking the time to share your thoughts.  200 different logins is an amazing number – and that number is most likely going to grow. 

    The challenge faced by an MLS is the active sharing of accounts by the membership. It is an unfortunate situation which results in unauthorized access and a significant loss of subscriber revenue.  This contrasts to banking where it is almost unfathomable for someone to share login credentials.

    I completely agree with you on the topic of SSO not being the solution to security.  It can be a significant increase in convenience for the MLS subscriber as it relates to the applications offered by the MLS. 

    Again, thanks for the engagement.  I always appreciate the feedback.

    Troy

  • Ray

    I agree with Lee.  It is not fair for you to attack all MLS users in order to find those few who are taking advantage.  I have been a member for 12 years and all my realtors are members, yet every other day, your system is asking me for this and that and just being a pain.
    Hopefully your efforts don’t result in much income being made so that the board goes back to not using the system in this fashion. If one log in at a time were allowed, then you wouldn’t have this problem. Much easier to fix rather than causing 10′s of thousands of Realtors to go through these log in procedures.
    Ray

  • Troy Rech

     Hi Ray, thank you for taking the time out of your busy schedule to write the post above.  We do value your feedback and want to ensure our systems are always balancing security with cost and convenience. 

    My apologies for your feeling like the system is attacking all MLS users.  The system is designed to identify accounts being used actively by more than one person and then provide reminders, emails, and alerts to the account holder of the situation.  If you feel the system is challenging you unfairly, please let me know and I will have a person from your MLS reach out to you directly to discuss the issue. 

    My email is troy.rech at clareitysecurity DOT com

    Troy