[CQ-Contest] L.O.T.W.

[Bill Turner]

At 11:20 AM 7/28/2005, Dick Green WC1M wrote:
>The simple answer is that doing security at the ARRL end would not change or
>eliminate the registration requirements. Further, such a system would have
>to rely on password logon, which is not secure.

_________________________________________________

It isn't the registration I find annoying, it's the signing and uploading.

Wouldn't password login be secure if the ARRL issued the password with the 
following conditions:

1. Passwords will be assigned by ARRL. You may not pick your own.
2. No "mother's maiden name" nonsense. You use the password you were 
assigned and can not change it.
3. Passwords will be as long as needed to achieve the level of security 
needed. 128 characters would be fine with me, although fewer would probably 
do the job. Everyone knows how to copy and paste, or better yet, use 
RoboForm to automatically fill them in. RoboForm is free for up to ten 
passwords.
4. Many if not most password security problems arise from use of easily 
guessed passwords. #1, 2 and 3 above will eliminate that.
5. The password will only be mailed to the address on the license, just as 
it is now.  No emailing. Email is easily spoofed.

I just checked my RoboForm passwords. I have 35 of them as of today, most 
of which I use regularly. I have never had a problem with any of them.

I am not convinced that LoTW demands a higher level of security than what 
banks use to transfer billions of dollars every day. If anyone can show me 
how QSLs are more valuable or more prone to hacking than cash I will drop 
the whole matter.

In the meantime, we are all losing QSLs because many hams refuse to 
participate due to the complexity. LoTW should be attracting hams because 
of it's ease of use and security, not turning them off because it is a 
PITA. As of today, only about one ham in 200 worldwide is using LoTW. 
That's way too low.

Bill, W6WRT