Unauthorized about dynamicdnsupdater HOT 4 CLOSED

i'm sorry, i noticed your issue only now.
if you are using desec as service provider the url is the default one "update.dedyn.io".
you must fill as username and hostname the same thing which is your dns like: "your-choice.dedyn.io" and as password the password they provided.
i tested it right now with my desec account and it works.
are you using desec or something else?

about the password stored in clear what exactly worries you?
i'd like to receive an answer like "i'm worried that my brother uses my pc and steal it" or "i'm worried that some attacker from the internet hack my pc and then steal it".
from who you want the password to be protected? (what is your threat model?)
you may want to take a look at the security faq->password but maybe it's a bit technical.
if you answer the above question i will happily help with the proper answer.

from dynamicdnsupdater.

i'm sorry, i noticed your issue only now.
if you are using desec as service provider the url is the default one "update.dedyn.io".
you must fill as username and hostname the same thing which is your dns like: "your-choice.dedyn.io" and as password the password they provided.
i tested it right now with my desec account and it works.
are you using desec or something else?

I figured it out... The use of the word 'password' messed me up; I was using the 'password' I created for the deSEC account. I finally realized the app was looking for my user 'token'.

about the password stored in clear what exactly worries you?
i'd like to receive an answer like "i'm worried that my brother uses my pc and steal it" or "i'm worried that some attacker from the internet hack my pc and then steal it".
from who you want the password to be protected? (what is your threat model?)
you may want to take a look at the security faq->password but maybe it's a bit technical.
if you answer the above question i will happily help with the proper answer.

IMO and I would imagine most security professionals would agree; storing passwords in the clear is almost always a bad ideal. I know I don't like the idea, especially a token to an domain API. I would think .NET 4.8 has a some great cryptography system tools, Perhaps not?

from dynamicdnsupdater.

.net has crypto but i encrypt your password with what? AES? but aes needs a password! so which one i use? a hardcoded password in the (open source) program? it doesn't add any security...
just few examples: thunderbird and outlook both have a button to show saved passwords, windows has a menu to show saved wifi passwords.
all this without needing third party tools.
storing a password is bad if it is a password for your service, so if you open a website where people can register you don't want to store users passwords but if you need to login to your wifi, mail, ddns, you must store the password and store it in a way that can be recovered automatically.
it's up to you to not let random stranger use your pc/don't open virus because they might steal all your saved passwords and files.
dpapi could be an option but it doesn't change much...

from dynamicdnsupdater.

.net has crypto but i encrypt your password with what? AES? but aes needs a password! so which one i use? a hardcoded password in the (open source) program? it doesn't add any security...
just few examples: thunderbird and outlook both have a button to show saved passwords, windows has a menu to show saved wifi passwords.

1. I must be missing something, I'm running the latest version of MS Outlook at work and I see no such button for the account password. I run the latest version of Thunderbird for home use and also don't see a button to show password.

2. I can see you are settled on the matter, so I will end this conversation.

from dynamicdnsupdater.