Maintaining Callsign Certificate Security
The Callsign Certificate that the ARRL issues to an LoTW user authenticates contacts submitted by that user. A Callsign Certificate can optionally be password-protected. LoTW users are expected to protect their Callsign Certificates so that contacts are not fabricated. Therefore, the ARRL strongly recommends that Callsign Certificates maintained on shared or public computers be password-protected.
If a Callsign Certificate is discovered to have been compromised, all contacts submitted with that Callsign Certificate will be removed from LoTW, all confirmations generated by those contacts will be invalidated, and all award credit generated by those confirmations will be revoked. Users who allow their Callsign Certificates to be compromised, or who knowingly exploit compromised Callsign Certificates may lose their privileges of using LoTW and participating in ARRL-sponsored award programs.
If you know of compromised callsign certificates or other security violations, please alert LoTW staff via LoTWfirstname.lastname@example.org
Trusted Partner Program
The ARRL'sTrusted Partner program defines the requirements for an online service to store Callsign Certificates with acceptable security. Users can rely on a Trusted Partner service to provide acceptable security, and are absolved of responsibility for the Callsign Certificate security provided by that service.
The following organizations have attained Trusted Partner status: