Secure password change

Questions and Answers : Preferences : Secure password change

Author	Message
parafa Send message Joined: 22 Jul 07 Posts: 11 Credit: 19,056 RAC: 0	Message 1164608 - Posted: 22 Oct 2011, 21:07:43 UTC
	Hi all! I need some help. Unfortunately I tried gridrepublic.org, it asked for my setiathome password to control my account, and I gave it. After I tried that account manager I decided not to use that. I don't want gridrepublic to control my setiathome account anymore and I don't want gridrepublic to know my setiathome password. The problem starts here: When I logout gridrepublic, login my setiathome account and change my password, then log back to gridrepublic, it has still full access to my setiathome account. How can it be? And how can I change my password the way I don't want to let gridrepublic to know that. Thanks for any reply! ____________
	ID: 1164608 ·

Ageless Send message Joined: 9 Jun 99 Posts: 11767 Credit: 2,077,670 RAC: 2,332	Message 1164619 - Posted: 22 Oct 2011, 21:53:02 UTC - in response to Message 1164608.
	See Deleting Your GridRepublic Account. ____________ Jord - BOINC FAQ Service - BOINC User Wiki Real is just a matter of perception.
	ID: 1164619 ·

parafa Send message Joined: 22 Jul 07 Posts: 11 Credit: 19,056 RAC: 0	Message 1164635 - Posted: 22 Oct 2011, 23:07:02 UTC - in response to Message 1164619.
	Not as easy! I tried that. I can't delete my account. "Stop using GridRepublic, but continue with all projects" "In the <<advanced>> menu, select <<Stop using GridRepublic>>"- There aren't a "Stop using GridRepublic" option in the "advanced" menu! And there REALLY aren't an opportunity to delete the account, only a nerve-racking text: " There is no need to delete your GR website account, since it has no function if your desktop software has been removed. (The GR website will never seek to contact your computer; it was your computer that always contacetd the website). Having said this, you may wish to unsubscribe from our maiing list. This can be done by a link at the bottom of every list message, or by going (on gridrepublic.org) to home > my account > newsletter, selecting "don't send me mail", and clicking "apply". " I understand that there is no need to delete blah blah..., but its frustrating that they KNOW MY PASSWORD! And they know it even after I change it.
	ID: 1164635 ·

Ageless Send message Joined: 9 Jun 99 Posts: 11767 Credit: 2,077,670 RAC: 2,332	Message 1164667 - Posted: 23 Oct 2011, 1:13:50 UTC - in response to Message 1164635.
	Well then, try contacting them, category Privacy and explain what your problem is. ____________ Jord - BOINC FAQ Service - BOINC User Wiki Real is just a matter of perception.
	ID: 1164667 ·

parafa Send message Joined: 22 Jul 07 Posts: 11 Credit: 19,056 RAC: 0	Message 1164704 - Posted: 23 Oct 2011, 7:06:23 UTC - in response to Message 1164667.
	And what should I say? Please forget my password? Or what? Of course they won't delete my password from their database. I wrote here because the security problem is here, not there! Imagine that somebody ascertains your password, for example email password. And every time you change your password, the incompetent person is informed about the new password! Sounds good?
	ID: 1164704 ·

Ageless Send message Joined: 9 Jun 99 Posts: 11767 Credit: 2,077,670 RAC: 2,332	Message 1164741 - Posted: 23 Oct 2011, 11:26:44 UTC - in response to Message 1164704. Last modified: 23 Oct 2011, 11:38:58 UTC
	Of course they won't delete my password from their database. And how do you know that without asking them, politely? Why not write to them and tell them that you fear for your privacy and that you want your account at GR deleted? I know the person behind GR personally and can tell you that if you ask politely, that he won't say no. I wrote here because the security problem is here, not there! Imagine that somebody ascertains your password, for example email password. And every time you change your password, the incompetent person is informed about the new password! Sounds good? When you change your password, no email about it is being sent to anyone, not even you yourself. When requesting a reminder about your password, no actual password will be sent, but a log-in link with which you can temporarily log in here. Of course, if you've been careless and someone else has access to your account here, changing the password doesn't matter. They will have written down your account key, with which they can log in on your account whenever they want to and change (key) things again. But if you want to live your life in such fear, of things that could possibly happen, then there's only one method of making absolutely sure that you aren't affected: Do NOT Use The Internet! ;-) Otherwise, liven up a little. :) ____________ Jord - BOINC FAQ Service - BOINC User Wiki Real is just a matter of perception.
	ID: 1164741 ·

BilBg Send message Joined: 27 May 07 Posts: 2096 Credit: 3,277,230 RAC: 7,656	Message 1164766 - Posted: 23 Oct 2011, 13:45:44 UTC - in response to Message 1164635. Last modified: 23 Oct 2011, 14:05:44 UTC
	There aren't a "Stop using GridRepublic" option in the "advanced" menu! There have to be some option - it may not be called "Stop using ..." but Detach or Remove or Delete? What is shown in Projects tab? And your new (changed) SETI@home password is (AFAIK) not passed directly from SETI@home to GridRepublic I think the path is this: SETI@home -> your BOINC installation -> GridRepublic If you Detach your BOINC installation from GridRepublic no more connections to GridRepublic will be made and they will not receive your password. http://www.gridrepublic.org/joomla/index.php?option=com_smf&Itemid=26&topic=185.msg712 ____________ - ALF - "Find out what you don't do well ..... then don't do it!" :)
	ID: 1164766 ·

parafa Send message Joined: 22 Jul 07 Posts: 11 Credit: 19,056 RAC: 0	Message 1164816 - Posted: 23 Oct 2011, 20:28:50 UTC - in response to Message 1164741.
	Thank you for the explanation! I know there is no email, but i thought they stayed logged in my account or sg similar. You revealed that there is no need for password if they know my account key. It's clear. Now I can't do anything with this problem, because the account key can't be modified, can it? I shouldn't have given access to anybody else, but I'm at peace with the situation now. I was so nervous and disconcerted yesterday, I think because I didn't know what happened around me. Sorry for that! If they really would delete it, there is no need to ask them, they won't do anything with my account. ... Of course I will use the Internet:) Thank you again!
	ID: 1164816 ·

Ageless Send message Joined: 9 Jun 99 Posts: 11767 Credit: 2,077,670 RAC: 2,332	Message 1164844 - Posted: 23 Oct 2011, 23:33:41 UTC - in response to Message 1164816.
	Now I can't do anything with this problem, because the account key can't be modified, can it? Not by you, no. Only by the project. It has happened that people got 'hacked', or in general lost access to their account and that admin had to step in and disable the account/make a new account key. On a couple of projects including this one. But in general, that's only been a couple, a handful, on perhaps 10 projects over a time span of several years. Thus far, not bad. Now we only hope that the 2,138 people affected at CPDN don't spoil the statistics. ;-) ____________ Jord - BOINC FAQ Service - BOINC User Wiki Real is just a matter of perception.
	ID: 1164844 ·

John McLeod VII Volunteer developer Volunteer tester Send message Joined: 15 Jul 99 Posts: 22343 Credit: 440,201 RAC: 100	Message 1165180 - Posted: 25 Oct 2011, 2:23:18 UTC - in response to Message 1164844.
	Now I can't do anything with this problem, because the account key can't be modified, can it? Not by you, no. Only by the project. It has happened that people got 'hacked', or in general lost access to their account and that admin had to step in and disable the account/make a new account key. On a couple of projects including this one. But in general, that's only been a couple, a handful, on perhaps 10 projects over a time span of several years. Thus far, not bad. Now we only hope that the 2,138 people affected at CPDN don't spoil the statistics. ;-) All we had to do was to change our password (at every project...). ____________ BOINC WIKI
	ID: 1165180 ·

Jonathan Brier Volunteer tester Send message Joined: 11 Dec 04 Posts: 3 Credit: 162,083 RAC: 86	Message 1166498 - Posted: 30 Oct 2011, 17:05:28 UTC - in response to Message 1164816.
	Hi parafa, I know the people that run GridRepublic and been helping them on and off for 3 years and if you ask they will comply with your request for removing. There are many things in the design of GridRepublic that could be improved and a revamp of the website is underway, but taking longer than expected. I am not sure if it fixes the disclosing the password though. I just wanted to assure you that GridRepublic's intentions are good and you can trust the information is in good hands. I believe somewhere there was a discussion of integrating OAuth and OpenID into BOINC, but cant remember where/when it was mentioned. It would help with the linking issue somewhat. ____________ GridRepublic - bringing BOINC mainstream: http://www.gridrepublic.org GridRepublic Fan Page: http://www.facebook.com/GridRepublic Progress Thru Processors Facebook: http://www.facebook.com/progressthruprocessors
	ID: 1166498 ·

Questions and Answers : Preferences : Secure password change