top of page

Best Practices for MLS Data Security

You may refer to it as “data,” but to thieves, your MLS listings are valuable content. The real estate industry is a known target for data piracy issues. An MLS organization has a duty to protect its technologies and the data that those systems store or access.

Data security can be characterized as an assortment of techniques and technologies used to prevent, detect, and resolve system breaches. Effective organizations constantly encourage and educate their users about the importance, and benefits of security.

As part of Silver City Regional Multiple Listing Service’s data security protocol, we will be requiring all users to update their MLS passwords on September 18, 2023. Upon the first login attempt on or after 9/18 users will be asked to set up a new complex password that is eight characters, it must include one capital and one lower-case letter, a minimum of one number, and one special character.

The first step in safeguarding an MLS system is to mandate the use of complex passwords. The difficulty of a password, which includes the total number of characters and the length of the combination, determines its level of security. It's also a good precaution to avoid using the same password across many systems. While using the same password for various applications makes it easier to remember them, it can also create a chain reaction that allows data thieves to gain access to multiple accounts.

A strong password is one that is reasonably difficult to guess in a short amount of time using either human guessing or advanced software.

A strong password should

  • Be at least 8 characters in length

  • Contain both upper and lowercase alphabetic characters (e.g. A-Z, a-z)

  • Have at least one numerical character (e.g. 0-9)

  • Have at least one special character (e.g. ~!@#$%^&*()_-+=)

Strong passwords do not

  • Spell a word or set of words from a standard dictionary

  • Spell a word with a number added at its beginning and end

  • Be based on any personal information such as user id, family name, pet, birthday, etc.

In addition to the password safeguards described above, please ensure that your cell phone, laptop, and PC all have an access code for gaining access.

Additional data security safeguards an MLS may employ beyond complex passwords is using multifaceted security access such as two-factor authentication. This process provides a user with a unique code or password to be entered following the User-supplied personal password.

Most MLS systems have utility programs built in meant for tracking the access and use of the system. These access activities are reported as metrics, which are monitored to see how the different systems work, who accesses them, and how they use them. Multiple logins, or requests for downloads, coming from the same user but different IP addresses is usually a sign that someone is sharing an ID and password.

The MLS Database is only accessible to its users. Any user who allows another user or an unauthorized party to use their personal login and password to obtain access to MLS, or usage of the MLS Database, or any derivative thereof has committed a major rule violation shall be subject to a large fine and possible suspension.

If you suspect your login has been compromised, change your password immediately. Be sure to change your password from a computer you do not typically use. After resetting your password, report the incident to the MLS.


bottom of page