Thank you for your comments and suggestions regarding the authentication platform utilized by RAHB. We appreciate your feedback and certainly understand that having to manually enter your password when logging into my.rahb.ca may be viewed as an inconvenience, especially with the number of passwords most of us are required to maintain across the many systems we all use regularly. To view why Clareity does not currently allow saved passwords, as well as what is on the roadmap for the future, please the information below.
Background on the Clareity SafeMLS authentication and security platform:
The Corelogic (Clareity SafeMLS) system was put in place to secure your login to RAHB’s Matrix system and other associated applications and resources which are available to you as a member. Clareity’s SafeMLS Single Sign On system is designed to operate as a Single Sign On provider which collects behavioral data associated with all logins to the system to help mitigate security threats. The behavioral data collected by the system includes information such as login times, system fingerprint information (i.e. device type, operating system, browser version), keystroke dynamics, GeoIP location information, IP address, and a variety of other characteristics. This information is collected and monitored on a regular basis and is used to build risk profiles. When any of these patterns consistently differ in a significant way, it triggers the system to generate an additional risk profile which is associated with your account. When more than one risk profile is associated with your account, the system will measure the risk score differences between profiles and if that score is above the allowed threshold, the system will start a remediation process to help mitigate any potential risks which may indicate that your account is being used by more than one person.
Why Save Passwords are not allowed:
The reason the ability to use Saved Passwords is disabled during the login process is due to the Keystroke pattern analysis which is performed on each login. When entering a password, each person has a consistent pattern associated with the way they type. The system pairs this pattern with other information to account for differences which may be caused by different devices. This particular indicator is very effective in identifying scenarios where a password has either been compromised or shared with another party. If the ability to utilize saved passwords was enabled, the system would be unable to collect accurate keystroke data for analysis.
What Alternatives are being considered:
Both RAHB and Corelogic (Clareity) understand that having to manually enter a password to authenticate with the system may be viewed as an inconvenience to some users. We are always reviewing ways to improve the security and usability of the systems provided to our members. Corelogic’s Clareity SafeMLS team has indicated to us that they have been exploring and considering alternate methods of authentication for future adoption within their system. Some examples of the alternative methods being considered are as follows:
- Multi-Factor Authentication (MFA) is an authentication method that requires two or more independent ways to identify a user. Examples include codes generated from the user’s smartphone, Captcha tests, fingerprints, or facial recognition
- Certificate-based authentication technologies identify users, machines or devices by using digital certificates. A digital certificate is an electronic document based on the idea of a driver’s license or a passport
- Additional Biometric information as an alternative to keystroke biometrics. Examples include: facial recognition, fingerprint recognition and voice identification
The security of your data, your clients data and the associations data is extremely important, especially with the security threat landscape which exists today. While we would like to turn on the ability for Saved Passwords to be used, that is not an available option at this time within the Clareity SafeMLS platform.
We will continue to investigate and work with our technology partners to research, consider and adopt new and improved methods of providing effective and efficient security authentication, identification, and analysis to our members.