Secure password change


log in

Advanced search

Questions and Answers : Preferences : Secure password change

Author Message
parafa
Send message
Joined: 22 Jul 07
Posts: 11
Credit: 19,056
RAC: 0
Hungary
Message 1164608 - Posted: 22 Oct 2011, 21:07:43 UTC

Hi all!
I need some help. Unfortunately I tried gridrepublic.org, it asked for my setiathome password to control my account, and I gave it. After I tried that account manager I decided not to use that. I don't want gridrepublic to control my setiathome account anymore and I don't want gridrepublic to know my setiathome password. The problem starts here:
When I logout gridrepublic, login my setiathome account and change my password, then log back to gridrepublic, it has still full access to my setiathome account. How can it be? And how can I change my password the way I don't want to let gridrepublic to know that.
Thanks for any reply!

____________

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12280
Credit: 2,567,109
RAC: 711
Netherlands
Message 1164619 - Posted: 22 Oct 2011, 21:53:02 UTC - in response to Message 1164608.

See Deleting Your GridRepublic Account.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

parafa
Send message
Joined: 22 Jul 07
Posts: 11
Credit: 19,056
RAC: 0
Hungary
Message 1164635 - Posted: 22 Oct 2011, 23:07:02 UTC - in response to Message 1164619.

Not as easy! I tried that. I can't delete my account.
"Stop using GridRepublic, but continue with all projects"
"In the <<advanced>> menu, select <<Stop using GridRepublic>>"- There aren't a "Stop using GridRepublic" option in the "advanced" menu!
And there REALLY aren't an opportunity to delete the account, only a nerve-racking text:

"
There is no need to delete your GR website account, since it has no function if your desktop software has been removed. (The GR website will never seek to contact your computer; it was your computer that always contacetd the website). Having said this, you may wish to unsubscribe from our maiing list. This can be done by a link at the bottom of every list message, or by going (on gridrepublic.org) to home > my account > newsletter, selecting "don't send me mail", and clicking "apply".
"

I understand that there is no need to delete blah blah..., but its frustrating that they KNOW MY PASSWORD! And they know it even after I change it.

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12280
Credit: 2,567,109
RAC: 711
Netherlands
Message 1164667 - Posted: 23 Oct 2011, 1:13:50 UTC - in response to Message 1164635.

Well then, try contacting them, category Privacy and explain what your problem is.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

parafa
Send message
Joined: 22 Jul 07
Posts: 11
Credit: 19,056
RAC: 0
Hungary
Message 1164704 - Posted: 23 Oct 2011, 7:06:23 UTC - in response to Message 1164667.

And what should I say? Please forget my password? Or what? Of course they won't delete my password from their database. I wrote here because the security problem is here, not there! Imagine that somebody ascertains your password, for example email password. And every time you change your password, the incompetent person is informed about the new password! Sounds good?

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12280
Credit: 2,567,109
RAC: 711
Netherlands
Message 1164741 - Posted: 23 Oct 2011, 11:26:44 UTC - in response to Message 1164704.
Last modified: 23 Oct 2011, 11:38:58 UTC

Of course they won't delete my password from their database.

And how do you know that without asking them, politely?
Why not write to them and tell them that you fear for your privacy and that you want your account at GR deleted? I know the person behind GR personally and can tell you that if you ask politely, that he won't say no.

I wrote here because the security problem is here, not there! Imagine that somebody ascertains your password, for example email password. And every time you change your password, the incompetent person is informed about the new password! Sounds good?

When you change your password, no email about it is being sent to anyone, not even you yourself. When requesting a reminder about your password, no actual password will be sent, but a log-in link with which you can temporarily log in here.

Of course, if you've been careless and someone else has access to your account here, changing the password doesn't matter. They will have written down your account key, with which they can log in on your account whenever they want to and change (key) things again.

But if you want to live your life in such fear, of things that could possibly happen, then there's only one method of making absolutely sure that you aren't affected: Do NOT Use The Internet! ;-)

Otherwise, liven up a little. :)
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

Profile BilBg
Volunteer tester
Avatar
Send message
Joined: 27 May 07
Posts: 2614
Credit: 5,952,654
RAC: 3,664
Bulgaria
Message 1164766 - Posted: 23 Oct 2011, 13:45:44 UTC - in response to Message 1164635.
Last modified: 23 Oct 2011, 14:05:44 UTC

There aren't a "Stop using GridRepublic" option in the "advanced" menu!

There have to be some option - it may not be called "Stop using ..." but Detach or Remove or Delete?

What is shown in Projects tab?

And your new (changed) SETI@home password is (AFAIK) not passed directly
from SETI@home to GridRepublic

I think the path is this:
SETI@home -> your BOINC installation -> GridRepublic

If you Detach your BOINC installation from GridRepublic
no more connections to GridRepublic will be made and they will not receive your password.

http://www.gridrepublic.org/joomla/index.php?option=com_smf&Itemid=26&topic=185.msg712


____________



- ALF - "Find out what you don't do well ..... then don't do it!" :)

parafa
Send message
Joined: 22 Jul 07
Posts: 11
Credit: 19,056
RAC: 0
Hungary
Message 1164816 - Posted: 23 Oct 2011, 20:28:50 UTC - in response to Message 1164741.

Thank you for the explanation!
I know there is no email, but i thought they stayed logged in my account or sg similar. You revealed that there is no need for password if they know my account key. It's clear. Now I can't do anything with this problem, because the account key can't be modified, can it? I shouldn't have given access to anybody else, but I'm at peace with the situation now. I was so nervous and disconcerted yesterday, I think because I didn't know what happened around me. Sorry for that! If they really would delete it, there is no need to ask them, they won't do anything with my account.
...
Of course I will use the Internet:)
Thank you again!

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12280
Credit: 2,567,109
RAC: 711
Netherlands
Message 1164844 - Posted: 23 Oct 2011, 23:33:41 UTC - in response to Message 1164816.

Now I can't do anything with this problem, because the account key can't be modified, can it?

Not by you, no. Only by the project. It has happened that people got 'hacked', or in general lost access to their account and that admin had to step in and disable the account/make a new account key. On a couple of projects including this one.

But in general, that's only been a couple, a handful, on perhaps 10 projects over a time span of several years. Thus far, not bad.

Now we only hope that the 2,138 people affected at CPDN don't spoil the statistics. ;-)
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

John McLeod VII
Volunteer developer
Volunteer tester
Avatar
Send message
Joined: 15 Jul 99
Posts: 24224
Credit: 519,558
RAC: 57
United States
Message 1165180 - Posted: 25 Oct 2011, 2:23:18 UTC - in response to Message 1164844.

Now I can't do anything with this problem, because the account key can't be modified, can it?

Not by you, no. Only by the project. It has happened that people got 'hacked', or in general lost access to their account and that admin had to step in and disable the account/make a new account key. On a couple of projects including this one.

But in general, that's only been a couple, a handful, on perhaps 10 projects over a time span of several years. Thus far, not bad.

Now we only hope that the 2,138 people affected at CPDN don't spoil the statistics. ;-)

All we had to do was to change our password (at every project...).
____________


BOINC WIKI

Profile Jonathan Brier
Volunteer tester
Avatar
Send message
Joined: 11 Dec 04
Posts: 3
Credit: 328,025
RAC: 47
United States
Message 1166498 - Posted: 30 Oct 2011, 17:05:28 UTC - in response to Message 1164816.

Hi parafa,

I know the people that run GridRepublic and been helping them on and off for 3 years and if you ask they will comply with your request for removing. There are many things in the design of GridRepublic that could be improved and a revamp of the website is underway, but taking longer than expected. I am not sure if it fixes the disclosing the password though.

I just wanted to assure you that GridRepublic's intentions are good and you can trust the information is in good hands.

I believe somewhere there was a discussion of integrating OAuth and OpenID into BOINC, but cant remember where/when it was mentioned. It would help with the linking issue somewhat.
____________
GridRepublic - bringing BOINC mainstream: http://www.gridrepublic.org

GridRepublic Fan Page: http://www.facebook.com/GridRepublic

Progress Thru Processors Facebook: http://www.facebook.com/progressthruprocessors

Questions and Answers : Preferences : Secure password change

Copyright © 2014 University of California