Strengthen Your Login

Professional
How do you encourage strong password practices?  Passwords control access not to just the MLS but to transaction and document management systems containing clients personal and financial information, often via single sign-on (SSO) like the Clareity® dashboard. Continue reading and learn about the current password practices from the National Institute of Standards and Technology (NIST), an agency that develops cybersecurity standards, guidelines, and best practices to meet the needs of federal agencies and the broader public.
NIST guidelines around password complexity:
  • Passwords must be at least eight characters long – but longer (i.e., 12-20 characters) is better.
  • Passwords must not be a single dictionary word (“constructivism” is a poor password; “codeofethicsunderallistheland” is a strong password)
  • Passwords must not be obvious patterns (e.g., 123456789)
  • Passwords must be unique
  • Passwords should be changed yearly, or when a compromise is discovered
  • “No other complexity requirements for memorized secrets should be imposed” (requiring uppercase and lowercase letters, numbers, and punctuation)
  • Use of a password manager is recommended by NIST: however, caution should be used when choosing a trustworthy password manager, as such programs have become a target for the hacking community, and not all password managers have a good security track record.
Though complexity improves protection against some types of password hacking, according to NIST it may result in passwords that are hard to memorize or stored insecurely. If your organization has a complexity requirement, re-evaluate it. Do not use a compromised password!  When a password is changed, CoreLogic® Clareity checks the new password to see if it has already shown up on the dark web. If a password is known to be compromised at the time of change, Clareity will not allow its usage. Stronger authentication is better!  All of that said, a strong password is only the beginning. Never share your password with anyone or give it up in a social engineering attack (phishing, smishing and vishing).  NIST recommends additional security, such as multi-factor authentication (MFA).  It is important that real estate professionals use MFA wherever it is offered – as well as practice the password guidance described in this article. This advice is based on the “Digital Identity Guidelines” published by the National Institute of Standards and Technology.