Bitcoin Forum

The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.

I like this and hope something similar gets implemented. We know 2FA will definitely be added and IIRC there were talks about adding address signing to the list of 2FA solutions.

I cannot think of a better way to stifle forum growth than this idea!

Maybe we should hide the domain name as well!   ;)

How is it going to stifle up the forum?
Its only going to add an extra layer for security.
What if your email account gets hacked too and your address wasn't quoted by anyone?
Then there would be no way to recover it.
Unless the database has your address stored.
I think you got the the idea in a wrong way.

Fancy auth methods are already in planing[1], but what exactly is a "bitcointalk address"?

[1] https://bitcointalk.org/index.php?topic=523070.0

I generally support the idea of adding 2 factor authentication, with signing a PGP/Bitcoin address. But, I don't think it shouldn't be forced upon the user when registering. It should be a optional feature. Majority of the users who sign up here are not only new to the forum, but new to cryptocurrency and Bitcoin. Therefore, they may not have a Bitcoin address, even though it's easy to get an address, I'm sure getting an address isn't going to be their main focus.

You've also got to consider, that some members are here to discuss and follow the technology, rather than trade. This has been displayed before when a few users have actually stated that they have no Bitcoin, but like to discuss and learn about Bitcoin. There's probably many reasons that I've not brought up, including the alt coin scene which I'm not going to get into here as you probably get my point by now.

Good idea but it should be allowed after sign up because many users who sign up for the first time no nothing about bitcoin address and how to get one

2FA with PGP or signed bitcoin messages is something I would very much like to see.
It's something that has been mentioned in the past, but I don't think anybody is working on it.

Not right now there isn't, as work on 2FA hasn't even been started yet afaik. But the complete product will have various authentication methods.

so would we be confined to just one address?

Then there should be a help button in the sign-up form.Which will guide them on "How to get your first BTC address".

Nope.
That BTC address will only be used for authentication.

So essentially you're making buying/selling of accounts pretty much impossible unless the seller gives the priv key along with the account? Which also means mostly accounts that were created for the sole intention of being sold would be sold.

I dont think the idea of any 2FA is that you can never change it. It wouldnt be the first time someone lost their phone.

Quick question: wouldn't that ruin the whole idea of the bitcoin verification? If an account was hacked, all the hacker would need to do is change the address and the original owner would have to do the whole bitcoin-signing-of-old-messages-containing-bitcoin-addresses thing.

Of course we can't stop this activity.As I said earlier it will only be used for authentication.

Naa.You won't be able to change the address.Just like you can't change your username.

I don't think the forum needs any extra security measures as of now ,also thermos dosent cares about account stuff as much as he cares about the forum ', I don't see abundant threads about hacked accounts in META too, its a different case if a legendary account is hacked.

Well the other option is to ruin accounts just because someone lost access to their wallet. You cant have both. This is why I think it should be optional to use 2FA and to have maybe a 3rd (or more) auth option as fallback. E.g. 1st is user/pass 2nd is bitcoin signed message and 3rd is PGP signed. Login would be possible if 2 out of 3 are passed. The same way 2 out of 3 would allow to change any one of them, change the scheme (to e.g. 3 out of 17, 1 out of 2, etc.). I would think a forgotten password or a misplaced backup is more likely than a hack and the security mechanisms should not tunnel vision on a single issue (e.g. hacks).

I come up with the same idea.
This would for sure prevent account hacking and make recovering a lost account easier.

sounds like a good idea, it would also stop the buying/selling of accounts, because no one would buy an account as the owner would be able to recover it so easily.

This won't stop account buying/selling, users usually sell private key along with the account.

Agreed. But when you sell your private key, the original owner still has the possibility of recovering, as well as the new owner of the account.


 

yep, just cuz the owner provided the private key doesnt make it safe, the owner retains the key.
the owner would have to be extremely trusted to not reverse the account. this kinda reminds me of paypal, bct accounts would become just like paypal.

Great idea.
And it will prevent majority of the scams which are done with bought accounts.

Some newbies are more to understanding Bitcoin when joining this forum and they would probably have only the exchange deposit address as it's much simpler. We can perhaps make it optional. Also, if the address's RNG is weak, it could be cracked and people can use it to hack the accounts if it cannot be changed. This may also be an issue now but it would be a much bigger issue if users are confined to using only that address to confirm their identity.