Unraid net Account Cognito Blog 2

On March 1, 2023, Unraid.net Accounts are migrating to a new identity provider. This will give you a simple, secure way to authenticate with our cloud services moving forward.

The affected services will go into maintenance mode at 9 am Pacific; afterward, you will sign in with our new identity provider. 

The steps to complete the migration are as follows:

Step 1

Sign in using your existing forum email address (not username) and password using the sign-in button of the Unraid forums. If applicable, you can also sign up for a new account at this step.

Screenshot 2023 03 01 at 12 07 54 PM

Step 2

Updated March 6, 2023 – If your existing password does not meet the new complexity requirements: 12 characters and not compromised (see FAQ); you will need to reset your password to one that is strong enough. You'll be sent an email with instructions to reset the password before you can complete the sign-in.
 

Best Practice: Use a randomly generated password by a password manager and don't repeat passwords across accounts.

Screenshot 2023 03 01 at 12 00 13 PM

Step 3

You must confirm your account by clicking a link emailed to you (New signups only). You will be sent a verification code to your email for already established accounts.

Screenshot 2023 03 01 at 12 41 07 PM

Step 4

We highly recommend that you also set up MFA with this new identity provider. To do so, click on your account name in the top right of the forums and click "Manage Unraid.net Account".

The previous 2FA system you may have set up for the Unraid forums will no longer be used and will need to be reconfigured.

Once your account has been migrated, please sign in using your email address and password going forward. The new system uses Single Sign On, so you should only need to provide your password and 2FA codes once per browser as you move between services.

Having troubles logging in?

Open a support ticket and we'll get you sorted.

FAQs:
 

Q: Why the change? Was there a security breach?

A: No. We wanted the ability to provide easier access to other Unraid services, and a unified Unraid.net Account allows us to provide authentication across our websites and protect your personal information.

Q: How is a password determined to be compromised? (updated March 6, 2023)

A: We use haveibeenpwned's public password checking API. Your password is converted to a SHA1 hash and the first five characters of that hash are sent to api.pwnedpasswords.com. This returns a list of the remaining part of the potential hashes matching the first five characters. We use client side matching to determine if your hash appears in the returned list. Your plain-text password is NEVER sent to any other website except for the user authentication service.

Learn more at haveibeenpwned.com.

Q: Why must I sign in with my email address rather than my username?

A: This is an additional layer of security. Your username is displayed publicly in the forums, but your email address is not, so an attacker would have to know both your email and password in order to sign in as you. We also recommend enabling 2FA.

Q: Why do I have to change my password? 
 

A: Only passwords that do not meet the new requirements must be changed (updated March 6, 2023 – see Step 2 above).

We highly recommend the use of a password manager to create a strong password.

Q: Will this affect how I login to my server?

A: There is no change to logging into your Unraid server locally; that will still be done with your existing root password.

Q: What new identity provider are you using, and why?

A: We are using AWS Cognito for identity management. This protects you by keeping your hashed passwords secure and out of our hosted infrastructure and helps us by providing single-sign-on support out of the box.

Read more about AWS Cognito data security here.
 

Questions or Comments?

Please post any questions or comments in our forum post.

Unable to log in?

Open a support ticket and we'll get you sorted.

Img Pricing 1

Pricing

With affordable options starting at just $49, we have a license for everyone.

Img Trial 2024 02 08 212340 axtg

Try before you buy

Not sure if Unraid is right for you? Take Unraid for a test drive for 30 days—no credit card required.