[SFDXA] LoTW Password Checking Change Causes Problems for Some Users

Bill bmarx at bellsouth.net
Sat Oct 1 09:24:26 EDT 2016 

    LoTW Password Checking Change Causes Problems for Some Users

09/29/2016

An upgrade to the password-checking mechanism that authenticates Logbook 
of The World (*LoTW* <http://www.arrl.org/logbook-of-the-world>) users 
has caused log-in problems for some clients. Under the system in place 
prior to approximately 2300 UTC on September 19, the LoTW log-in system 
ignored the case of any characters in a password when checking for a 
match, storing them all as lower-case. The new system is case sensitive, 
however. While passwords once were randomly generated, the ARRL IT staff 
recently implemented a new LoTW password mechanism that lets users 
choose their own passwords. Under this new system, when users first log 
in, their passwords are encrypted.

Some users with mixed-case passwords attempting to log in were rejected, 
however, because the system had stored their passwords as all lower 
case. A subsequent modification allows the system to accept a user’s 
mixed-case password and changes the stored password to the user’s 
mixed-case specification. The issue also can present problems for 
applications, such as logging programs, that employ a user’s credentials 
to access a LoTW account.

Users who encounter trouble logging in to LoTW are being asked to enter 
their passwords in all lower case. If that doesn’t work, *contact* 
<mailto:lotw-help at arrl.org> the LoTW Help Desk or explore *other 
methods* <https://lotw.arrl.org/lotw-help/Getting%20Help> available for 
LoTW.

Any LoTW users who logged in before this modification was made — at 
around 2300 UTC on September 19 — had their passwords stored in lower 
case, no matter which case they used in entering them. These passwords 
now must be entered as lower case. Users who changed to a password that 
includes mixed-case letters must continue to enter that password in 
mixed-case letters.

ARRL apologizes for underestimating the extent to which the lack of 
password case sensitivity in the previous LoTW authentication mechanism 
was going to cause problems for so many users.

http://www.arrl.org/news/lotw-password-checking-change-causes-problems-for-some-users

More information about the SFDXA mailing list