Get an account
Everyone involved in the coordinated vulnerability disclosure process will want a VINCE account. Obtaining a VINCE account is easy! Visit our web page and get started.
Creating an account
- Navigate to our VINCE page
- Click on "Create an Account"
- Complete the VINCE form
- Watch for an email response granting your access.
Completing the VINCE form
- Enter a valid email address which you can access.
- Create a New Password with these requirements:
- minimum length is 8 characters
- Requires at least 1 number
- Requires at least 1 special character ("+" and "=" don't count)
- Requires uppercase letters
- Requires lowercase letters
- Password confirmation
- Preferred Display Name
Note: this name is visible to other VINCE users. It may only contain 1 space and may not contain special characters. - First name
- Last name
- Company/Affiliation
- Job Title
- Click the box to agree to the terms of service.
- Click on Sign up
Verify your account
When signing up for a VINCE account the user needs to provide a valid email address to receive the confirmation code to verify your account.
Once you receive the access code please
- Enter the code into the form
- Click submit.
Account approval
Once you have submitted the confirmation code, your VINCE account needs to be approved.
- VINCE coordinator reviews your account for approval.
- Upon approval,
- You will receive an email indicating your account has been approved and you are directed to kb.cert.org/vince to log on.
- If you have your browser open and the approval came quickly, you may also have a popup box indicating you can not login.
- You will receive an email indicating your account has been approved and you are directed to kb.cert.org/vince to log on.
Login first time - Multi-Factor Authentication Required
VINCE currently offers a choice
- Time-based one-time (TOTP) passwords as second factor authentication. To use TOTP, you need access to an app such as Google Authenticator, Duo, or LastPass Authenticator.
- Short Message Service (SMS) text messages
TOTP
- Select TOTP
- The system generates an image that is scanned into your device, running an application ... and displays the scan code on your screen
- Scan the code into your authentication application. This action should generate a code.
- Enter that temporary password (or code).
- (Optional) Name that device, software or application, so you may easily access the correct code generator.
- You will have two forms of confirmation your account has successfully enabled TOTP Multi-factor authentication on your account.
- Web page indicating success and displaying your User Profile
- An email message
- Web page indicating success and displaying your User Profile
SMS
- Select SMS
- Enter the phone number you will use to receive text messages containing an authorization code.
- Use the International format as follows: + (country code) phone number
- If you have a United States number, please use +1 NPA-XXX-XXXX
(NPA: Numbering plan Area a.k.a. area code)
- Verify your account by entering the authorization code contained in the text message.
- 2FA required
- Recover/reset account
- Want to be anonymous? See FAQ, can report without creating account.
--- if not Will; maybe a separate page? ---
- For vendors
- Creating a vendor
- Add user to vendor
- Vendor administrator