Winlink

Passwords with Keyboard Mode and APRSLink

Both keyboard mode and the APRS gateway now allow access with your Winlink password to the CMS using a simple challenge/response protocol. Your password is never sent in the clear over the air.

LOGIN
If secure login is enabled for your account (or, in the future, required), send any command to initiate login. The CMS will respond with a challenge consisting of three digits whose values represent positions of characters within your password.

[RESPONSE]
This is a six-character response to the login challenge. Respond with three password characters corresponding to the positions in the challenge plus three additional characters of your choosing (in any order). Example: Password is ABC123. Login challenge is: 425. You send '1B2AZ5'. ABZ21TY would also be valid since it contains the characters 1, B, and 2.

No password is needed if the secure login account setting is off (check 'My account>Edit' at the Winlink web site). This option will go away once secure login (password validation) becomes mandatory next year.

Keyboard access will continue to accept the PW syntax announced earlier, but that will be disabled in a few weeks. Use the above method instead.

-Lee, K0QED
Winlink Development Team
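
The exchange described under LOGIN and [RESPONSE] above, sketched as an added example (not Winlink or CMS code). Assumptions: positions are 1-based single digits as in the ABC123/425 example, filler characters come from A-Z and 0-9, a position repeated in the challenge must be matched that many times, and all function names are hypothetical.

```python
import secrets
from collections import Counter

PAD_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"  # assumed filler set


def make_challenge(password: str, digits: int = 3) -> str:
    """CMS side: pick 1-based password positions, one digit each (assumed 1-9)."""
    limit = min(len(password), 9)
    if limit < 1:
        raise ValueError("empty password")
    return "".join(str(secrets.randbelow(limit) + 1) for _ in range(digits))


def required_chars(password: str, challenge: str) -> list:
    """Characters the challenge asks for; the password is upper-cased first."""
    pw = password.upper()
    out = []
    for d in challenge:
        pos = int(d)  # non-digit input raises ValueError here
        if not 1 <= pos <= len(pw):
            raise ValueError(f"challenge position {d!r} outside password")
        out.append(pw[pos - 1])
    return out


def build_response(password: str, challenge: str, length: int = 6) -> str:
    """Client side: requested characters plus random filler, shuffled."""
    chars = required_chars(password, challenge)
    chars += [secrets.choice(PAD_ALPHABET) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def verify_response(password: str, challenge: str, response: str) -> bool:
    """CMS side: accept if every requested character is present, in any order.
    Length is not checked: the page's ABZ21TY example has seven characters."""
    need = Counter(required_chars(password, challenge))
    have = Counter(response.upper())
    return all(have[c] >= n for c, n in need.items())


if __name__ == "__main__":
    # Values from the page's example: password ABC123, challenge 425.
    print(required_chars("ABC123", "425"))
    print(verify_response("ABC123", "425", "1B2AZ5"))
    print(build_response("ABC123", "425"))
```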

Q&A on Winlink Passwords

Sunday, October 25, 2015
Recently Andy, VE1COR wrote:

"I recently received a msg. via RMS Express that passwords will be required to use the program within about 6 months to send/receive general messages by means of the Winlink2000 system. I think this is called 'Secure Log in'. It is my understanding that Winlink2000 is the backbone for general Winmor / RMS Express messaging. There was a brief discussion on this group in the summer regarding RMS Express passwords. I am still not 100% clear on implementing a password in the RMS Express program running on my computer, and I have a few questions."

We thought publishing the answers might help minimize confusion on the upcoming changes to the CMS login process that we announced recently. So, here are answers to Andy's well-put questions:

Hi Andy,

Some answers:

1. To enter a password in the RMS Express program do I: 1) on the main screen follow the path 'Files/RMS Express Setup' to the 'RMS Express Properties' screen, 2) then enter a password in the 'My Password' field? Is there anything else I need to do with the RMS Express program?

A: Make sure you're using the latest version of RMS Express! Beta test version 1.3.6.6 adds a fix for a bug in secure login. It also has a button that makes it easy to request your password to be sent to you, plus a way to enter a password recovery address without having to go to the web site to do it. When you enter your password in the 'properties' form of RMSE it also sets your option for 'secure login' to CMS servers (direct via telnet or through an RMS). The option to elect secure login and the setting on the web site will go away in six months or so (date to be announced). After that date, secure login is mandatory.

2. For some time I have had a password to access Winlink2000 on-line for webmail and account management (e.g. password recovery e-mail address, white and black lists). Is the password I enter into my RMS Express program the same as I already use with my Winlink2000 account?

A: Same password. There is only one password per callsign account in the Winlink system. Just to prevent confusion: The common key CMSTELNET for access to Telnet connections that must be manually set in Airmail or other clients is NOT a Winlink password (though some clients call it that), but rather a common key for all client connections.

3. Is there any restriction on the type of characters I use for the RMS Express password? (One of the participants in the summer discussion said lower case would cause a problem; my current Winlink2000 password might - or might not - include lower case character(s)).

A: Winlink passwords all use upper case alpha characters, numerics and the symbol/punctuation set seen on 'qwerty' keyboards. If an input method permits lower case, it's always converted to uppercase before it's used in the system. If it doesn't--the WDT did not write the software and the author is in error.

4. Every time I change my Winlink2000 password do I also need to change the password in the RMS Express program?

A: Yes, of course. Otherwise, you're trying to log into an account with an incorrect password!

5. How long will it take for my new, or changed, password to be functional in RMS Express (and with on-line Winlink2000 assuming both passwords are linked)?

A: After making a change, you should allow 5-10 minutes to be sure, perhaps less, before trying to use it in a client. The password is first changed on one CMS database, then it must propagate to four others around the world. This takes 2-3 minutes in most cases, occasionally longer due to net conditions. If you are using an older client (Airmail, Outpost) that focuses on one or uses a slow rotation of CMS selection, you may experience a problem, but allowing time should fix it. RMS Express is smart about CMS selection and transparent to the user as well, so no problem with it.

6. May I set up a (Winlink2000 based) password NOW in my RMS Express program, before a password is mandatory?

A: YES. Highly recommended. You'll be using secure login right away, which is a good thing. Nothing to worry about setting later, too.

7. If the answer to 6 is 'yes', is there any advantage to setting up a password in RMS Express now?

A: Spoofing your call or access to your account using secure login is very hard. Nothing else to do or remember later, either. The only negative is that you must manage the password and must not forget it. Be sure to set a password recovery address that is NOT your Winlink account, so you can request the password to be sent where you can recover it if you should be human and lose it.

73,
Lor W3QA
Winlink Development Team

CMS Login Changes Due Soon

15 Oct 2015--The Winlink Development Team is making changes to modernize the system and prevent abuse. We have begun to roll out changes to the Common Message Servers (CMS) that will alter the connection behavior of both client software and RMS servers. Previously, users could opt into using a secure login process. In the near future, it will be required of all accounts. Users and Sysops alike should note what to expect. We are working with 3rd-party software authors to help them implement their needed changes, and allowing for a generous grace period to allow updates and a smooth transition. Here's a summary:

1. All Winlink accounts will be required to log in to a CMS securely with a password. Currently, 'secure login' is optional for users, and many accounts do not have passwords. Before they are required later in the transition, the CMS has begun sending to users having non-secure accounts a new system-generated password. If you are not already using 'secure user login' in your client, WebMail on the web site, have not requested a Winlink password from the web site, or run an RMS gateway or RMS Relay station, your account probably does not have a password. You should look in your Winlink mail for a service message from the CMS containing a new unique password associated with your callsign account.

Note: Additional accounts using SSID variations of a callsign will always use the same password--the one associated with the base callsign, without "-0000" (SSID) appended.

Users can change their password, and request recovery of lost passwords using the Winlink web site. Be sure to add a password recovery address to your account settings!

2. Unless created by using RMS Express, all new accounts created by using a client making a first-time connection with a CMS will automatically receive their passwords in a service message. After a grace period, the CMS will require all connections to perform secure login. Prior to that, the password must be configured in a client program to allow successful secure connections.

3. Sysops need do nothing regarding passwords for the accounts running RMS gateways--they already use passwords for secure access to the CMS servers. They should be familiar with the changes in order to assist their users, however.

4. Tactical address accounts cannot be used to log into a CMS, but may have associated passwords for security. Passwords are not required for tactical addresses, as they will be for all callsign accounts.

5. We will soon announce a cut-over date (we expect about six months from October 15, today) on which the CMS will begin rejecting un-secure (no password) connections for existing accounts.

--The Winlink Development Team
