How to obtain a password for the members’section
The members section section of the centcols.org site is reserved for active club members. To access it, you must indicate your member number and password. For reasons of confidentiality, no administrator holds the passwords of the members.
If you have forgotten your password, you can request a temporary password and then, once connected, replace it with the one of your choice.
Please note: if you have forgotten your password, use this temporary password request procedure before your 10th failure, otherwise your account will be blocked. Once your account is blocked you can no longer access the members section for 24 hours, or you will have to contact firstname.lastname@example.org.
There are 4 steps to follow:
Go to the access page in the members section. If you remember your member number, enter it and go directly to step 2. Otherwise, click on Numéro de membre oublié ? then enter your first and last name or your email address and click “send”. Your member number should then be displayed. Click on it to continue.
Click on Mot de passe oublié ? On the page that then appears, your e-mail address will appear and you must confirm it by clicking on “send”. This will send you a temporary password by email to the address in question. For security reasons, this password is only valid for 4 hours; moreover you will not be able to repeat the procedure before a period of 4 hours. (For the reasons of these safety devices, see below).
Check your email within a few minutes and you should find the message with the temporary password there. If this is not the case, also check your spam folder. If you have not received the temporary password within one hour of your request (step 2), please contact email@example.com.
- Go back to the access page in the members section, re-enter your member number and now also your provisional password. Click on “send”. On the page that is displayed then, a message asks you to go to your member card to enter a lasting password. Click on the link displayed for that.Once on your membership form, enter the password of your choice and enter it a second time. Save the record.
Please note that some browsers try to “make your life easier” by remembering passwords that have already been used. After changing a password, you should always make sure not to leave a pre-filled password entry field but to type the password entirely.
Security features for passwords
Some of you may be wondering why we use security measures for passwords that we might call draconian. The answer is simple: the Internet is an environment where nothing is certain until it is explicitly verified. Here are the reasons why these measures are in place:
- Temporary password lifetime is limited to 4 hours. This limits exposure to the risk of an incorrect or outdated email address. If we have an incorrect address for you, your password could possibly reach a third party (eg a former office colleague).
- Moratorium of 4 hours before a request for a temporary password. Here we want to limit attacks aimed at consuming all the resources of the system and creating a deluge of emails. For example, a scammer could easily write a program that would send a temporary password to a member more than 100 times in 1 minute. The moratorium limits this potential.
- Account blocking after 10 successive incorrect passwords. This is to eliminate the automated search for passwords. If a fraudulent user tries to find your password by trying thousands of possibilities, it will be blocked already after 10 attempts, which drastically limits the risk that the password will be found by this method called “brute force”. But if you yourself make a mistake once, then your account will also be blocked for 24 hours. In an emergency, you can always request an unlock by writing to firstname.lastname@example.org and explaining the case.
- Mandatory change of temporary passwords. Temporary passwords are emailed to you, so the message goes through one or more servers, which relay it to your mailbox where it is stored for a period of time. These are all possibilities for them to be read by unauthorized third parties. The security level of the temporary password is therefore not sufficient for it to become your lasting password.