Passwords and Security
Security is always rather complex. The fact that we operate on a shoe string budget doesn't make it any easier to understand. This is the easiest explanation I could come up with. Some of the terminology is ours, as we are not aware of established terminology.
Security level
This is not Fort Knox. We just want to make misuse more difficult.
Choosing passwords
Don't use your favorite passwords for this account; if this web server should fail and spit out your passwords we don't want other accounts exposed. It is ok to reuse minor
passwords.
We use 2 conceptual passwords
Why are there 2 passwords?
- The "web" password. A means to password protect a web page. Thats
what your scouts type when they access a protected web page. Different web
pages may have different "web" passwords. A unit webmaster can give out
"web" passwords to your boys him/her-self. Password
tool.
- The "tool" password. Checked by the our webmastering tool before
executing their function. This is a different password for the simple reason
that internally the checking happens with a different mechanism (our own). (Only
the council webmaster can set up "tool" passwords.)
Other Security Concerns
Limit use from public workstations because the workstation might retain your "web"
or even your "tool" password.
Watch a browser's back and forward buttons: Both buttons could retain the "tool"
password if you don't clear it yourself.
Passwords on our server are stored in encrypted form only, but they are transmitted in clear text.
scoutway About
Unit Web Pages
