Janine Sieja - Release Mgr
posted this on June 07, 2010 02:00 pm
RPR has seven standard practices to ensure security for users and data:
SSL Encryption. The sensitive areas of the RPR website are protected by industry-standard SSL encryption, so sensitive information like passwords is secured during transmission.
Account Lockout Policies. After five invalid login attempts, the website will lock out the user's account for 15 minutes. Administrators can also see who has been locked out, and how often they have been locked out.
Password Complexity Requirements. RPR passwords must be reasonably complex: six characters or more in length, with at least one capital letter and one number recommended. This makes passwords difficult to guess, and allows the password keystroke pattern system to be more effective.
Password Reset Question. Passwords are further secured by a challenge question that must be answered correctly before a password reset will be issued.
NRDS Validation: Upon signup, upon login and every 12 hours thereafter, each user is validated against the National Association of REALTORS®’ NRDS database to ensure the user is an active REALTOR®.
Agent Roster Validation. When an agent associates with an MLS, a check of the user’s agent ID is performed. This check is re-executed each time the user’s profile is updated, and each time a property is viewed (e.g. via Search Results and Property Details pages and Reports).
Keystroke Pattern Authentication. A two-factor authentication system uses password keystroke patterns to further ensure that the user entering the password is the user to whom it belongs. Passwords cannot be shared, and hackers who “guess” a password will have this additional barrier to entry. Note: Keystroke detection is used only on the password field; it does not install anything on your computer and is not a security threat.