Maintaining Callsign Certificate Security
The Callsign Certificate that the ARRL issues to an LoTW user authenticates contacts submitted by that user. A Callsign Certificate can optionally be password-protected. LoTW users are expected to protect their Callsign Certificates so that contacts are not fabricated. Therefore, the ARRL strongly recommends that Callsign Certificates maintained on shared or public computers be password-protected.
If a Callsign Certificate is discovered to have been compromised, all contacts submitted with that Callsign Certificate will be removed from LoTW, all confirmations generated by those contacts will be invalidated, and all award credit generated by those confirmations will be revoked. Users who allow their Callsign Certificates to be compromised, or who knowingly exploit compromised Callsign Certificates may lose their privileges of using LoTW and participating in ARRL-sponsored award programs.
If you know of compromised callsign certificates or other security violations, please alert LoTW staff via LoTWfirstname.lastname@example.org