Secure password change

Questions and Answers : Preferences : Secure password change
Message board moderation

To post messages, you must log in.

AuthorMessage
parafa

Send message
Joined: 22 Jul 07
Posts: 11
Credit: 33,451
RAC: 0
Hungary
Message 1164608 - Posted: 22 Oct 2011, 21:07:43 UTC

Hi all!
I need some help. Unfortunately I tried gridrepublic.org, it asked for my setiathome password to control my account, and I gave it. After I tried that account manager I decided not to use that. I don't want gridrepublic to control my setiathome account anymore and I don't want gridrepublic to know my setiathome password. The problem starts here:
When I logout gridrepublic, login my setiathome account and change my password, then log back to gridrepublic, it has still full access to my setiathome account. How can it be? And how can I change my password the way I don't want to let gridrepublic to know that.
Thanks for any reply!

ID: 1164608 · Report as offensive
Profile Jord
Volunteer tester
Avatar

Send message
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1164619 - Posted: 22 Oct 2011, 21:53:02 UTC - in response to Message 1164608.  

ID: 1164619 · Report as offensive
parafa

Send message
Joined: 22 Jul 07
Posts: 11
Credit: 33,451
RAC: 0
Hungary
Message 1164635 - Posted: 22 Oct 2011, 23:07:02 UTC - in response to Message 1164619.  

Not as easy! I tried that. I can't delete my account.
"Stop using GridRepublic, but continue with all projects"
"In the <<advanced>> menu, select <<Stop using GridRepublic>>"- There aren't a "Stop using GridRepublic" option in the "advanced" menu!
And there REALLY aren't an opportunity to delete the account, only a nerve-racking text:

"
There is no need to delete your GR website account, since it has no function if your desktop software has been removed. (The GR website will never seek to contact your computer; it was your computer that always contacetd the website). Having said this, you may wish to unsubscribe from our maiing list. This can be done by a link at the bottom of every list message, or by going (on gridrepublic.org) to home > my account > newsletter, selecting "don't send me mail", and clicking "apply".
"

I understand that there is no need to delete blah blah..., but its frustrating that they KNOW MY PASSWORD! And they know it even after I change it.
ID: 1164635 · Report as offensive
Profile Jord
Volunteer tester
Avatar

Send message
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1164667 - Posted: 23 Oct 2011, 1:13:50 UTC - in response to Message 1164635.  

Well then, try contacting them, category Privacy and explain what your problem is.
ID: 1164667 · Report as offensive
parafa

Send message
Joined: 22 Jul 07
Posts: 11
Credit: 33,451
RAC: 0
Hungary
Message 1164704 - Posted: 23 Oct 2011, 7:06:23 UTC - in response to Message 1164667.  

And what should I say? Please forget my password? Or what? Of course they won't delete my password from their database. I wrote here because the security problem is here, not there! Imagine that somebody ascertains your password, for example email password. And every time you change your password, the incompetent person is informed about the new password! Sounds good?
ID: 1164704 · Report as offensive
Profile Jord
Volunteer tester
Avatar

Send message
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1164741 - Posted: 23 Oct 2011, 11:26:44 UTC - in response to Message 1164704.  
Last modified: 23 Oct 2011, 11:38:58 UTC

Of course they won't delete my password from their database.

And how do you know that without asking them, politely?
Why not write to them and tell them that you fear for your privacy and that you want your account at GR deleted? I know the person behind GR personally and can tell you that if you ask politely, that he won't say no.

I wrote here because the security problem is here, not there! Imagine that somebody ascertains your password, for example email password. And every time you change your password, the incompetent person is informed about the new password! Sounds good?

When you change your password, no email about it is being sent to anyone, not even you yourself. When requesting a reminder about your password, no actual password will be sent, but a log-in link with which you can temporarily log in here.

Of course, if you've been careless and someone else has access to your account here, changing the password doesn't matter. They will have written down your account key, with which they can log in on your account whenever they want to and change (key) things again.

But if you want to live your life in such fear, of things that could possibly happen, then there's only one method of making absolutely sure that you aren't affected: Do NOT Use The Internet! ;-)

Otherwise, liven up a little. :)
ID: 1164741 · Report as offensive
Profile BilBg
Volunteer tester
Avatar

Send message
Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 1164766 - Posted: 23 Oct 2011, 13:45:44 UTC - in response to Message 1164635.  
Last modified: 23 Oct 2011, 14:05:44 UTC

There aren't a "Stop using GridRepublic" option in the "advanced" menu!

There have to be some option - it may not be called "Stop using ..." but Detach or Remove or Delete?

What is shown in Projects tab?

And your new (changed) SETI@home password is (AFAIK) not passed directly
from SETI@home to GridRepublic

I think the path is this:
SETI@home -> your BOINC installation -> GridRepublic

If you Detach your BOINC installation from GridRepublic
no more connections to GridRepublic will be made and they will not receive your password.

http://www.gridrepublic.org/joomla/index.php?option=com_smf&Itemid=26&topic=185.msg712


 


- ALF - "Find out what you don't do well ..... then don't do it!" :)
 
ID: 1164766 · Report as offensive
parafa

Send message
Joined: 22 Jul 07
Posts: 11
Credit: 33,451
RAC: 0
Hungary
Message 1164816 - Posted: 23 Oct 2011, 20:28:50 UTC - in response to Message 1164741.  

Thank you for the explanation!
I know there is no email, but i thought they stayed logged in my account or sg similar. You revealed that there is no need for password if they know my account key. It's clear. Now I can't do anything with this problem, because the account key can't be modified, can it? I shouldn't have given access to anybody else, but I'm at peace with the situation now. I was so nervous and disconcerted yesterday, I think because I didn't know what happened around me. Sorry for that! If they really would delete it, there is no need to ask them, they won't do anything with my account.
...
Of course I will use the Internet:)
Thank you again!
ID: 1164816 · Report as offensive
Profile Jord
Volunteer tester
Avatar

Send message
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1164844 - Posted: 23 Oct 2011, 23:33:41 UTC - in response to Message 1164816.  

Now I can't do anything with this problem, because the account key can't be modified, can it?

Not by you, no. Only by the project. It has happened that people got 'hacked', or in general lost access to their account and that admin had to step in and disable the account/make a new account key. On a couple of projects including this one.

But in general, that's only been a couple, a handful, on perhaps 10 projects over a time span of several years. Thus far, not bad.

Now we only hope that the 2,138 people affected at CPDN don't spoil the statistics. ;-)
ID: 1164844 · Report as offensive
John McLeod VII
Volunteer developer
Volunteer tester
Avatar

Send message
Joined: 15 Jul 99
Posts: 24806
Credit: 790,712
RAC: 0
United States
Message 1165180 - Posted: 25 Oct 2011, 2:23:18 UTC - in response to Message 1164844.  

Now I can't do anything with this problem, because the account key can't be modified, can it?

Not by you, no. Only by the project. It has happened that people got 'hacked', or in general lost access to their account and that admin had to step in and disable the account/make a new account key. On a couple of projects including this one.

But in general, that's only been a couple, a handful, on perhaps 10 projects over a time span of several years. Thus far, not bad.

Now we only hope that the 2,138 people affected at CPDN don't spoil the statistics. ;-)

All we had to do was to change our password (at every project...).


BOINC WIKI
ID: 1165180 · Report as offensive
Profile Jonathan Brier
Volunteer tester
Avatar

Send message
Joined: 11 Dec 04
Posts: 4
Credit: 1,576,441
RAC: 15
United States
Message 1166498 - Posted: 30 Oct 2011, 17:05:28 UTC - in response to Message 1164816.  

Hi parafa,

I know the people that run GridRepublic and been helping them on and off for 3 years and if you ask they will comply with your request for removing. There are many things in the design of GridRepublic that could be improved and a revamp of the website is underway, but taking longer than expected. I am not sure if it fixes the disclosing the password though.

I just wanted to assure you that GridRepublic's intentions are good and you can trust the information is in good hands.

I believe somewhere there was a discussion of integrating OAuth and OpenID into BOINC, but cant remember where/when it was mentioned. It would help with the linking issue somewhat.
GridRepublic - bringing BOINC mainstream: http://www.gridrepublic.org

GridRepublic Fan Page: http://www.facebook.com/GridRepublic

Progress Thru Processors Facebook: http://www.facebook.com/progressthruprocessors
ID: 1166498 · Report as offensive

Questions and Answers : Preferences : Secure password change


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.