Suggestion

Brandon Bartell

  • Members
  • 9
    • View Profile
Suggestion
« on: January 09, 2009, 05:44:57 PM »
We are using our VATSIM password more and more on this website.... is there any chance we can change the member login to use our vatsim password as well.

Benton Wilmes

  • Members
  • 19
    • View Profile
    • http://
Suggestion
« Reply #1 on: January 09, 2009, 07:21:08 PM »
Quote from: Brandon Bartell
We are using our VATSIM password more and more on this website.... is there any chance we can change the member login to use our vatsim password as well.

You could just change your password to your VATSIM password
There is an art . . . to flying. The knack lies in learning how to throw yourself at the ground and miss.

Benton Wilmes
[img]http://online.vatsimindicators.net/965807/61.png\" border=\"0\" class=\"linked-sig-image\" /]

Brandon Bartell

  • Members
  • 9
    • View Profile
Suggestion
« Reply #2 on: January 09, 2009, 08:25:48 PM »
Quote from: Benton Wilmes
You could just change your password to your VATSIM password

Good Point

Brendan Samson

  • Members
  • 17
    • View Profile
    • http://www.NewYorkFlyingClub.net
Suggestion
« Reply #3 on: January 11, 2009, 11:55:29 PM »
A little off topic, but does anybody know how to change you Vatsim password?

Norman Blackburn

  • Members
  • 64
    • View Profile
Suggestion
« Reply #4 on: January 12, 2009, 04:39:15 AM »
Quote from: Brendan Samson
A little off topic, but does anybody know how to change you Vatsim password?

It depends what you mean by change.  

If you mean "I want to change my password to be "cool-pilot7" or indeed any other alphanumeric combination of choice then you are out of luck.

On specific occassions, such as a security compromise, it is possible to have a password reset by the VATSIM Membership team.  They can be contacted at www.vatsim.net/mememail.php

Brad Littlejohn

  • Members
  • 152
    • View Profile
Suggestion
« Reply #5 on: January 12, 2009, 01:46:15 PM »
Quick question.

Seeing that we have all of the ARTCCs here, should we not add the CERAPs in to their respective region? The San Juan and Guam CERAPs don't have anything here, unless we want them included in ZOA and ZNY/ZMA's forums.

BL.

Brian Fuller

  • Members
  • 23
    • View Profile
    • http://
Suggestion
« Reply #6 on: January 13, 2009, 08:28:35 AM »
What is the reason we are not allowed to change our PW?

Quote from: Norman Blackburn
It depends what you mean by change.  

If you mean "I want to change my password to be "cool-pilot7" or indeed any other alphanumeric combination of choice then you are out of luck.

On specific occassions, such as a security compromise, it is possible to have a password reset by the VATSIM Membership team.  They can be contacted at www.vatsim.net/mememail.php

Norman Blackburn

  • Members
  • 64
    • View Profile
Suggestion
« Reply #7 on: January 14, 2009, 04:28:19 AM »
Quote from: Brian Fuller
What is the reason we are not allowed to change our PW?

Some people would choose very silly, or easily guessed combinations (for example 1234).  

Unless somebody with access looks up your password (of which there are only a few people who can, and this is recorded) , the only person who knows what it is, is you.   In our environment you can't get much more safe than that.

Brian Fuller

  • Members
  • 23
    • View Profile
    • http://
Suggestion
« Reply #8 on: January 14, 2009, 07:01:42 PM »
That is easily prevented with RegEx.

My current PW assigned by the system is easier to guess than what I would make it.

Quote from: Norman Blackburn
Some people would choose very silly, or easily guessed combinations (for example 1234).  

Unless somebody with access looks up your password (of which there are only a few people who can, and this is recorded) , the only person who knows what it is, is you.   In our environment you can't get much more safe than that.

Arthur Heiser

  • Members
  • 57
    • View Profile
    • http://zabartcc.org/index.php/backend/profile/1052801
Suggestion
« Reply #9 on: January 14, 2009, 09:01:25 PM »
This makes sense.

Having a numeric password given to your by VATSIM and being unable to change it greatly increases security. At least I think so, I'm no computer wiz, so I don't know if it is easy to hack someone's account or something like that.
« Last Edit: January 14, 2009, 09:01:55 PM by AJ Heiser »
AJ Heiser
Senior Controller,
Los Angeles ARTCC
"You may all go to hell, and I will go to Texas." ~ Davy Crockett , 1835

Brian Fuller

  • Members
  • 23
    • View Profile
    • http://
Suggestion
« Reply #10 on: January 14, 2009, 09:45:42 PM »
Actually, by keeping it static and never changing it makes it less secure.

Quote from: AJ Heiser
This makes sense.

Having a numeric password given to your by VATSIM and being unable to change it greatly increases security. At least I think so, I'm no computer wiz, so I don't know if it is easy to hack someone's account or something like that.

Alex Bailey

  • Members
  • 330
    • View Profile
Suggestion
« Reply #11 on: January 15, 2009, 12:07:43 AM »
It isn't going to change, so there's no point in debating it

Brian Fuller

  • Members
  • 23
    • View Profile
    • http://
Suggestion
« Reply #12 on: January 15, 2009, 06:41:24 PM »
You seem to use that reply with a lot of things, and things do change...

There is a reason why they created SOX audits for companies, and they do have good security suggestions.

And since our CID is published everywhere, that is half of our information in plain sight.  Brute forcing a system generated PW would not be difficult.

Quote from: Alex Bailey
It isn't going to change, so there's no point in debating it
« Last Edit: January 15, 2009, 06:42:08 PM by Brian Fuller »

Norman Blackburn

  • Members
  • 64
    • View Profile
Suggestion
« Reply #13 on: January 18, 2009, 03:16:04 AM »
Quote from: Brian Fuller
You seem to use that reply with a lot of things, and things do change...

There is a reason why they created SOX audits for companies, and they do have good security suggestions.

And since our CID is published everywhere, that is half of our information in plain sight.  Brute forcing a system generated PW would not be difficult.

Don't go under the misunderstanding that all passwords are 6 numbers.  Even using brute force isn't the solution since VATSIM uses other measures to check people's connection.

Richard Jenkins

  • VATSIM Leadership
  • 134
    • View Profile
    • http://vatsim.net
Suggestion
« Reply #14 on: January 18, 2009, 05:02:44 PM »
Quote from: Norman Blackburn
Don't go under the misunderstanding that all passwords are 6 numbers.  Even using brute force isn't the solution since VATSIM uses other measures to check people's connection.

Actually the main reason for not changing passwords has to do with the FSD network architecture. The way the FSD servers receive the member account and password ensures that members never have downtime. The passwords are encrypted and sent to the servers along with any rating changes usually once or twice per day.

Yes, I know, there are more advanced ways of managing this, but until a developer decides to take the task on it isn't happening.

Richard Jenkins