XSite Password Lockout Policy
This document explains our XSite password lockout policy
Document 7007 | Last updated: 02/17/2021 MJY
The username and password combination you use to access your XSite is the key to a wealth of personal and client information. If a criminal or other malicious user were to steal your password, they would gain full access to your online products - and possibly the private data of your customers. To minimize this threat, there are a number of security features surrounding your account and password.
One such feature is the Password Lockout system, which prevents any access to your XSite for 10 minutes in the event that 5 unsuccessful attempts are made to log in. In addition to locking the account, an e‑mail message is sent, notifying you of the potential attack.
This feature protects your account from someone trying to guess your password based on personal information they know about you. It also thwarts the use of a computer-based dictionary attack tool. Such tools are designed to rapidly and continuously try single words — as well as combinations of words — that can be found in English or other language dictionaries. By locking the account after 5 tries, the system effectively limits the number of guesses per hour that can be attempted, thus increasing the time required to guess a password to hundreds or thousands of years.
If you receive an e‑mail notification indicating that your account has been locked out, contact our Support department immediately at 1‑800‑211‑4514.
If you were having a problem accessing your account, you can reset your password by following the instructions found here. If this was an un‑authorized attempt to access your site, we’ll attempt to identify the source of the attack, so you can take appropriate measures.
If you have additional questions about the security of your XSite or the data it contains, please contact us at AppraiserInfo@CoreLogic.com.