These instructions are intended for those who are responsible for setting up and maintaining the online meeting resources for groups and meetings. Members attempting to join a meeting click here. Please read the instructions below so the correct information is provided to WAIA and all members and newcomers can easily attend your meetings.
Many groups have decided to remove the password requirement because other methods have been highly successful at totally eliminating the disruptions caused by trolls.
Groups opting to keep the password have a new way to think about this as a nuisance – rather than a password.
Groups have 3 options:
- Provide a meeting password to WAIA and we will post it with your link
- Provide a means to contact your group to get the password
- Not provide a password (Or inform WAIA no password is required)
If a group requests that we remove the link to their meeting – we will – this has been occuring as meetings are choosing not to provide the password when they wish to require one.
WAIA will not be removing any meetings (i.e. de-listing the meeting) who do not require or provide a password – we will however be indicating if a password is required but has not been provided to attempt to limit the frustrations of those attempting to join and the number of phone calls we get asking for passwords and we will be removing links to online meetings groups who do not supply a password after discussing (or attempting to discuss it) with the group.
In any case – security methods should be used to prevent disruption to your meeting.
Barriers to entry are terrible for newcomers and frustrating for members – getting to AA meetings should be as easy as possible and open to all.
1. Provide a meeting password to WAIA
The best way to provide WAIA the information we need for your meeting is to invite us to it! When editing your meeting, click “copy the invitation”
Copy ALL the text that shows up and send it to firstname.lastname@example.org we will sort out the important information to post.
But doesn’t posting the password make it less secure? Whats the point of a password?
2. Provide a contact
Several groups have established email addresses like “AsBill12345@gmail.com” and select a member responsible for responding promptly to anyone who asks for the password. WAIA will NOT post a member’s private email address but will post one of these.
On request to email@example.com WAIA will provide a forwarding email address if the group does not want to establish a free one -for example we would establish “AsBill6pmFriday@aa-dc.org” and forward all email sent there to a group member’s private address. This would be a temporary service and no access to the email or storage of email would be provided.
A group suggested purchasing a disposable cell phone – or getting a google voice or other VOIP account – provide that number to WAIA so people can call or text asking for the password.
3. Remove the password requirement or do not provide it.
The zoom rules on which meetings are forced to have a password are vague and all groups should check their meeting settings. The easiest way to tell if your meeting requires a password is to look at the invite – see #2 above.
If your meeting link has this underlined section, it requires a password:
Or, in the invitation, look for “Password:”
Because there are several places where passwords can be turned on, set, and possibly turned off – please refer to ZOOM documentation or their support resources.
If a meeting requires a password and the group does not provide it to WAIA the notice below will be added prominently to the meeting’s notes:
PASSWORD REQUIRED AND NOT PROVIDED
If you know your meeting does not require a password – please let us know and we will add the following to your meeting notes:
PASSWORD NOT REQUIRED
Passwords-What’s the point?
Zoom started requiring online meetings use a password in response to one particular kind of attack – a “brute force” attack. With the explosion of Zoom meetings trolls were having success testing every possible meeting ID (a link like zoom.us/j/000000001) thousands per second to find unsecured meetings. When these meetings were found the trolls would release the IDs (links) on social media and many attackers would converge – disturbing the meeting.
The passwords can still be guessed by a “brute force” attack but through a technique called “security by obscurity” the amount of time it would take to test the tens of millions of meeting IDs and then the billions of possible passwords becomes infeasible as a means of attack.
Securely providing passwords
When businesses have meetings they usually send the link and password privately through email – often in the same link. But we publish our meeting listings publicly so newcomers and members can find us.
Providing the link publicly and password privately to an AA meeting is like publishing the location and time of your meeting in the newspaper but asking people for the password they got from a friend when they get to the door of the church – turning others away.
As long as the password can be requested and it’s promptly provided – ease of access can still be maintained.
Password and link in the same place?
Yes, if a troll is on our site they will see the link and password in the same place and be able to enter the meeting. But a password is a sign the meeting is serious about security and the troll may move on to an easier target.
If they do get in the zoom security settings can make the difference preventing or reducing the impact of an attack.
If they get in and get a reaction it’s likely they will post your meeting info for other trolls and come back.
Change your meeting ID and password – we are happy to re-post as often as necessary.