LoTW Password Checking Change Causes Problems for Some Users
An upgrade to the password-checking mechanism that authenticates Logbook of The World (LoTW) users has caused log-in problems for some clients. Under the system in place prior to approximately 2300 UTC on September 19, the LoTW log-in system ignored the case of any characters in a password when checking for a match, storing them all as lower-case. The new system is case sensitive, however. While passwords once were randomly generated, the ARRL IT staff recently implemented a new LoTW password mechanism that lets users choose their own passwords. Under this new system, when users first log in, their passwords are encrypted.
Some users with mixed-case passwords attempting to log in were rejected, however, because the system had stored their passwords as all lower case. A subsequent modification allows the system to accept a user’s mixed-case password and changes the stored password to the user’s mixed-case specification. The issue also can present problems for applications, such as logging programs, that employ a user’s credentials to access a LoTW account.
Users who encounter trouble logging in to LoTW are being asked to enter their passwords in all lower case. If that doesn’t work, contact the LoTW Help Desk or explore other methods available for LoTW.
Any LoTW users who logged in before this modification was made — at around 2300 UTC on September 19 — had their passwords stored in lower case, no matter which case they used in entering them. These passwords now must be entered as lower case. Users who changed to a password that includes mixed-case letters must continue to enter that password in mixed-case letters.
ARRL apologizes for underestimating the extent to which the lack of password case sensitivity in the previous LoTW authentication mechanism was going to cause problems for so many users.