We’ll be implementing Multi-Factor Authentication (MFA) sometime in second quarter to enhance MLS security. MFA adds an extra layer of protection beyond just a password. It requires users to provide multiple forms of identification before granting access, which significantly reduces the risk of unauthorized access. Keep an eye out for upcoming communication on what this means for you and how to prepare. Your data safety is our priority!
Multi-Factor Authentication Q&A
Q: Why is Multi-Factor Authentication (MFA) Important to have?
A: Increased Security: MFA adds an extra layer of protection beyond just a password. It requires users to provide multiple forms of identification before granting access, which significantly reduces the risk of unauthorized access.
Mitigates Password Vulnerabilities: Passwords can be easily guessed, stolen, or cracked. MFA lessens the impact of these vulnerabilities because even if a password is breached, additional authentication factor(s) are needed to access the account.
Protection of Information: For individuals and organizations alike, safeguarding data is critical. MFA adds an extra barrier against data breaches, protecting confidential information from falling into the wrong hands.
Q: When is a user challenged for MFA?
A: MFA will challenge users when:
- They are new
- They forget their password or are locked out
- They change their email or password
Q: Is a user going to have to authenticate with MFA on every login?
A: No. A user would only need to be authenticated with MFA when they meet one of the conditions noted above.
Q: How does a user get the code for MFA?
A: The user will be offered the choice of email or text. If a user does not have a mobile #, then only email will be offered. If the user has no email address, then only text will be offered.
Q: What if the user’s email and phone in the MFA screen are wrong?
A: The user should cancel the MFA screen, contact the MLS, and have their information updated. After 15 minutes the user should attempt to log in again.
Q: What if the user shares a single email or phone?
A: The code will go directly to that one email or phone. We highly recommend having your unique email or phone.
Q: How can I update my email or phone?
A: Email MLS Services at firstname.lastname@example.org with your request to update.
Q: How long is the code good for?
A: The “life” of the code varies by method:
- The email code is good for 5 minutes.
- The text code is good for two minutes.
Q: Can I receive authentication codes on my Apple Watch?
A: No. Authentication codes are only sent to the text device it is addressed to, and not to “Connected devices.” This is a security measure to assure that the code may not be hijacked by other devices.
Q: What email address will the code be sent from?
A: It will be from do-not-reply@Corelogic.com