The Austin MLS is implementing a new security standard called “SafeMLS”, to further restrict access by Realtors to our own MLS system. Now, in addition to needing our MLS username and password to access the MLS, we will also have to type in a pin number. This pin number will be obtained from a small electronic keychain device called a “Security Token” that we must have with us at all times, or not be able to log in to the Austin MLS system.
One of my clients works for a company that makes these devices. The information given to us by our Austin Board of Realtors is somewhat vague (see http://abor.com/news_events/ne_mlsnews.cfm), but as my client explains it, this device will produce a pin number that constantly changes, perhaps every 60 seconds. The MLS server somehow knows what the pin number should be for each user, each minute of every day for the rest of our lives. If the pin number we enter from our device does not match what the server thinks it should be, access will be denied to the MLS system and will be dead in the water as far as performing MLS searches. This is a recipe for major problems, as is already the case this morning, as my MLS login is asking for the pin number 1 week before we will be issued the devices, and I can’t log in because I have no such device or pin number.
All Austin realtors are suppose to be issued our SafeMLS devises bewteen May 11th and May 14th. Before today, I was already of the opinion that this is a dumb idea. It’s a major potential hassle adding another potential point of failure to our daily soup of technology requirements. As Realtors, we are already tethered to a daily sync requirement of our MLS keys – the key has to be placed in a cradle and updated nightly, or it becomes useless the next day (save for one allowed manual dial in sync between eSyncs). Now we will be tethered to this device in order to access our MLS account, which means never sitting in front of a computer without our car keys handy (or hanging the device from a necklace or purse strap, etc.) It’s starting to feel like I am a prisoner to gadgets and technology, and I don’t like it.
This device is suppose to stop Realtors from giving their login info to other people, and therefore it is suppose to stop unauthorized access to the MLS by non-members. This morning, my own access is now restricted and I can’t work. There are other technologies available to identify and stop unauthorized use and sharing password and login info into secure systems. The MLS can simply restrict multiple instances of login, or they can red flag multiple instances of login for warning/followup, or they can flag instances of login by one user from more than a few IP blocks during any time span, and/or by forcing a monthly change of password by users (which would also be a hassle, but less so than having a new electronic device permenantly inserted into our lives). I’m sure there are other ways, but those are a few I can think of off the top of my head.
UPDATE: As I am typing this the MLS people emailed back to me and pointed out that the new login screen has another login area at the bottom of the page (not obvious at first glance) where my old username and password still work, so now I’m back in!
I wonder how many phone calls and emails the Board will get today due to this poorly designed new login screen that overtly prompts the user at the top of the page for information not yet available, and tucks down at the bottom of the page the username and password fields that actually need to be used to log in for the next 7 to 10 days. Hey MLS people, it’s 2006, get your act together! This is Programming 101 user interface stuff, and you get an ‘D-‘ on the assignment. Have fun answering the phone and responding to emails all day.
Whew! Taking away a Realtor’s morning MLS login is like taking away a coffee addict’s morning coffee fix! I nearly had a stroke. I think I’m going to be ok now. Back to work.