How to Manage Passwords on Your Real Estate IDX Website?
Inman and NAR don’t give out real estate awards for password security. Maybe they should.
No one likes dealing with passwords. It takes time out of an already busy schedule for real estate agents. And the sheer number of passwords we are expected to keep can be overwhelming.
That being said, as real estate moves more and more online, hacks have become more and more common. In this blog, we will cover how to manage passwords on your real estate IDX website to help you minimize the risk of a hack.
The first step to managing passwords is to ensure you have quality passwords. While there is no one definition for a strong password, generally they should be long (15+ characters) with a mix of uppercase and lowercase letters, numbers and special symbols. Length limits your exposure to brute force attacks because each additional character increases the number of combinations a hacker must attempt by an order of magnitude. It’s ok to use a passphrase, but you can increase strength by interspacing random characters to help thwart dictionary attacks. Here is an example of a password using the practices mentioned above:
The Gibson Research calculator estimates it would take approximately 10 billion trillion centuries to crack this password in an exhaustive search.
The passwords for your IDX real estate website should be unique. Do not reuse the password for the Twitter account you created six years ago. Do not use a variation of your current email password. The fact is your real estate IDX site contains a lot of valuable data about people and listings. This data is how real estate agents make their living. So, you should treat your IDX real estate website passwords with the same seriousness and precaution that you treat your banking information.
Use a Password Manager
Remembering multiple long, unique passwords is all but impossible. Most experts advise against writing down your passwords lest some nefarious snooper spies them on your desk or you misplace the notebook that contains them. A valid alternative is to use password management software. Password managers allow you to generate and save strong passwords without having to memorize them. Here are some of the most popular password managers available: 1Password, Dashlane, Keeper, LastPass, True Key, and Zoho Vault.
Force Strong Passwords on Users
Remember the old adage about the chain and the weakest link? This definitely applies to your website security. To ensure that no one else puts your real estate IDX site at risk, you should force strong passwords for all user accounts. Some of your software may include this feature. If it does not, consider establishing an office policy for minimum password strength.
Limit Login Attempts
You can also make your site more difficult to hack by limiting login attempts. Three login attempts seems to be the unspoken standard for the most sensitive data. With a password manager, you won’t ever need more than one attempt. You can talk with your IDX software provider about login attempts and how they can establish limits.
Captcha is a challenge element on a webpage that attempts to determine whether a user is human. Early Captcha included distorted words you needed to enter before logging in or submitting data to a site. Now, users are more often required to select a number of photos containing a particular object. By including Captcha in combination with a strong password, you can block most hackers attempting to access your IDX real estate site programmatically.
Use Two-Factor Authentication
Two-factor authentication (2FA) is becoming more and more commonplace across the web. It now is considered a best practice for password security. The most common 2FA requires a user to have the correct password as well as access to some registered email account or device in order to receive a one-time pin. This greatly complicates any potential hack because having the correct password is no longer enough to gain access to your site.
To this point we have discussed strategies to make your password more difficult to crack. Of course, there is nothing to stop hackers from accessing your IDX real estate website if you simply give them your password. Phishing attacks are becoming more sophisticated. As the custodian of valuable real estate data, you should familiarize with recent phishing attacks and be aware of emails that contain external media or links or that ask you for your login information.
Keep Your Password
It is a best practice to replace your old password every three months. Your new password should be completely unrelated to your old password, and it should be unique and strong. This is the best practice. But the fact is many of us cheat when replacing our password. We often use a derivation of our old password or make other changes that ultimately render our passwords weaker. Knowing this, some security experts now recommend that you create one strong, unique password and that you keep it. Changing your password, they say, does more harm than good unless you think your password has been compromised.
Now you know how to manage passwords on your real estate IDX website. Questions or feedback? Leave them in the comments. Or for more from the Realtyna blog, check out 13 Steps to Build An IDX Real Estate Website With WordPress and How to Reduce Bounce Rate on Your IDX Real Estate Blog.