Recent events have made it crystal clear: 8-character passwords are no longer enough to protect an account. With today’s computing power even a complex 8-character password can be cracked in as little as two minutes.

Cotality’s recent announcement to mandate Multi-Factor Authentication (MFA) isn’t just a policy update: It’s a wake-up call for our entire industry. 

In a recent phishing attack, 48 Matrix user accounts from 13 MLSs were compromised, and here’s the sobering reality: 47 of the compromised user accounts lacked MFA; the one account with MFA was accessed via a stolen device.

The numbers don’t lie. MFA works.

As Cotality’s Kevin Greene puts it perfectly: “From banking to health care to online shopping, MFA has become table stakes. It’s not optional any longer, it’s essential.”

Key dates every MLS should have circled: 

1. October 31st: System-wide MFA must be enabled
2. November 3rd: CAPTCHA challenges begin for non-compliant systems
3. December 31st: All Matrix accounts must have an IDP implemented

This isn’t about compliance. It’s about protecting the trust your members place in you every single day. When agents can’t access critical tools or face constant security challenges because we didn’t prioritize basic cybersecurity, we’ve failed them.

My challenge to every MLS executive: Don’t wait until October 30th. Implement MFA now. Your agents, your data, and your reputation depend on it.

Read Cotality’s full announcement here: https://www.cotality.com/resources/article/cotality-mandates-mfa-requirements-for-all-matrix-customers

What security measures is your MLS implementing beyond the minimum requirements? The time for “good enough” cybersecurity is over.