Bitcoin Forum

So I have Kaspersky and have a relatively secure machine. My mate used my machine and I think must have somehow got a virus on it. Well my facebook and paypal both begun SMSing me confirmation codes of login attempts. It had pretty much compromised most passwords that had been entered since, including what is on BTC exhanges, all of which I have 2FA enabled. All my held coins are in coinbase multisig vaults or my trezor wallet and are safe.

If you have not yet done so, please enable 2FA. I hear plenty of horror stories. Total in all my wallets (coinbase, 5 BTC), trezor (3 BTC), LTC (68) on exchange, 1 BTC on exchange as well.

we are talking over £3000 in total which to me is an insane amount of money, I bought most of my coins over a lot of time. The only coins I have 'mined' are ETH to BTC recently, some of that was what was in the hot bitcoin-QT wallet, the rest I mined through ETH (totalling 2 BTC) has been moved/converted to LTC some of it. I prefer to buy as I stand a better chance of profiting, and just solo mine with small rigs for luck, profiting is difficult otherwise.

All of this was safe due to a combination of safe private keys and in the case of coinbase 2FA is needed for the vaults anyway, and 2FA for the exchanges.

If you havn't yet enabled it, ****ing do it!

The only coins which were 'unsafe' but not touched was 0.25 BTC in my hot bitcoin QT wallet, just reformatted and restored wallet.dat, hadn't used this in a while to sign transactions, wallet was encrypted, although if you use it a virus can just swipe your private keys the moment you decrypt.


I am careful with computer security (everything i use with 2FA has it enabled, but it got me.

Enable it!

Plus, maybe also keep coins in separate wallets too, I have heard people having large amounts stolen from a single wallet, hence my diversity.

Even consider a hardware wallet, it might just save your skin too.

i shoot anybody who tried to come near my computer because of this.

BTW my coins are all in cold storage

I couldn't agree more with you mate . Still , people won't do that unless they get hacked .
Do you think people learned the lesson from what happened to Mt.gox for example ? Hell no ! they are storing their coins in other exchanges for long time and they will cry once It gets hacked so unless they get screwed I don't think they will do anything about it . It's the sad truth.

Btw , It's not that hard to make a FUD (Fully Undetectable) virus for a skilled programmer so having an anti virus won't change much if you are facing a skilled hacker/programmer .

I simply do not allow anyone but me to use my computer. I do not have facebook and such and I use several email addresses. My btc are in cold storage and so far I had nothing to worry about.

We're the first security layer of our own stuff. And, actually, I hate 2FA. I used it only once for bitstamp and I then stopped using bitstamp.

Glad to hear that, all your coins are safe because 2fa. I'm nut using 2FA though, but because of this topic, i will try using 2FA now, is it hard using 2FA ? Because i never use it.

You really hate 2fa? Whats to hate, at the most it adds a whole 20 seconds to account logins but worth the time.
If you keeping any amount of coins on an exchange or hot wallet it is recommended that you add 2fa.

Not hard to use at all. Just download one of the 2fa apps like Google authenticator or Authy scan the provided QR code from your wallet or exchange and your set.
Some accounts also offer 2fa via sms, there is much debate on which one is better.

I do not have any money on any exchange: when I need them I use them but I don't store my funds there. My hot wallet has less than a btc therefore I consider it ok i f I lose them. But again, so far I've never had trouble. :)

It's easy , most of the time It require phone verification . the website will send you an SMS or phone call with a "code" you type the code (+ the ID & pass) on the website and you are logged .
So ... without your phone no one can really connect into your Blockchain.info (or other websites) accounts.

Definately use 2fa for everything where it is possible. It adds a much needed security layer in current times.

Also good to use some program that obfuscates your keytyping to make it harder to get a crack at the first layer as well.

You cannot be secure enough on the internet imo. Especially when money or your identity (e-mail, facebook, etc) is concerned.

No machine is "secure" if someone can come and use it without your knowledge. "I said Relatively" I can already hear, ok, relatively respect to what?

i don't do it s well as i get to move from one computer to another. its always a hassle due to the phone verification and that taking my phone again and wait for the codes to input.

my machine is not touched by anyone else, no friend or family member can touch it without my permission, and usually i would not permit it anyway

i do agree that is better to be safe than sorry, but the primarily reason for those stolens wallets, is because of negligence in primis, there is no prevention ever...

Very handy :-) I am usually okay letting my friends use my machine without an issue this seemed to have originated from a memory stick when we looked into it, I am okay with friends using my computer as the friends I do have I trust not to anything on purpose. But it goes to show that
In cases like this enabling things like 2FA can help especially if you share your computer bit even the most security literate can be comprised!

Jacob

you should always take advantage of any additional security point that you can get your hands on. it is not just 2FA. anything that can be done in order to make things even a tiny bit more safe is good.

Excellent point in regards to security. Glad that your funds are safe due to the 2fa. I on the other hand dont trust anything that is stored on comp or phone.
That is why i have everything on paper wallet, with all traces of generating those erased from my computer. Security is good with both options imho, just a matter of personal opinions differ.

Step 1) Don't let 'mates' or anyone use your machines. Else you get "viruses" by accident.
Step 2) Don't use online wallets unless you really have to, otherwise do what OP has suggested (even though I still don't recommend online wallets).
Step 3) Let this be a lesson to those that have insecure wallets.

I have 2 laptops in my house, 1 is for everyones use (my son and wife) and 1 for my Bitcoin transaction. I never allow my wife and son to use it, it even asks for my fingerprint before they can open it. I use 2FA on my email and my wallets. Better to have it activated rather not and I need it.

sad story,again and again peoples reported about losing their assets because hacker or other,and yes i'm agree we should enable 2FA,but i'm also think its dont need for me and other people who just have little bitcoin or other assets ;D

Not hard at all, you just need a smartphone and the Google Authenticator app. Also I have read in different posts in different part of this forum, you need to have a clean machine when enabling it as there are still risk with enabling 2fa in an infected machine, but don't know much about those risks, no one has explained them in detail yet, just make sure you have a clean machine, so run a scan with your internet security first before enabling 2FA

Well I decided a long time ago that I was gonna trust Coinbase with my Bitcoins so I have almost nothing on my computer. I do have 2FA with Coinbase though. Just can't handle the hassle of local wallets plus having my coins online is so much more convenient.
On a different note, life is still peachy on Linux, it's been nearly a year and half since I switched from windows and I haven't even bothered to install an antivirus software  8) I'm just careful to avoid shady sites and email links and that's about it.

With a trezor your relatively safe if you check the address on it when you send coins, the coinbase isn't a typical online wallet but a multi sig vault where they have a key, you have a key encrypted with a passphrase that they hold and you print. And a third printed key that allows recovery if passphrase forgotten.

I let people use my machine under supervision, the USB stick was unlucky but due to security measures I take with my funds and i keep my data partition unmounted unless I use it, moving to Linux again soon. I am intending to get a cheap laptop for bitcoin use to be fair, 2FA is just a separate security layer thats silly not to activate :-)

It is a must I think when dealing with money!

Jacob

Edit: even with Linux is good to take precautions. I will admit since using kaapersky for years this is one of the first thing to slip through kaspersky net that I know of for me.

I think its all the same because many people can bypass the 2fa, 2fa is useless if your gmail account is being hack and for me i dont enable my 2fa because it is hassle when you open your wallet to many tabs to open and so fare i dont experience victimize by hacking and it is your responsibility tp take care of youe wallet and it depends on how you handle it to avoit being victimize by that scheme is to avoid shortened link

A trezor is a good bet too, not that expensive and your private keys are safe, use it properly and its a good buy. I do highly recommend it.

No harm came to my coins from use of 2FA on exchanges, being vigilant with private keys in the case of the coinbase multisig wallet, and the trezor. Have more than 1 BTC or so, a trezor or  something like a multisig vault for simplicity is a good idea.

And most important, don't keep your entire BTC wealth at a single wallet!

Jacob

Enabling 2FA is must if you want to keep your account secure. On enabling 2FA, your wallet cannot be hacked and you are safee

yeah, right..
enable 2FA feature before late. Especially if you have a large amount in the wallet, really big mistake if it doesn't enable the 2FA feature.

Agree on all points.

I have on occasion let a friend or family member use my laptop for something small/urgent, but I have always been present and watching all the while.

And 2FA is definitely a must. It will help you sleep at night.

Enable 2FA is better for good security

Wait you had Kaspersky antivirus and other malware protection software installed and your friend still managed to infect you with a virus?
it is quite a feat if you ask me. I miss times when computer viruses only slowed your machine down, now they can rob your money. Insane times.

Thanks for sharing, this shows how important 2FA is whenever possible.  It can be a pain but it is so worth the few extra seconds to save 1000s of dollars in btc/crypto.

enable 2FA sometimes very inconvenient, so we could not log on quickly and it was very disturbing, but on the other hand, it provides a promising safety, I am happy to hear that reason

How do you know it wasn't you that put the virus on the computer?
If you have £3000 on your laptop and consider that valuable, don't lend it out just in case.
good to hear that the ttempt to breach security was foile by 2FA in this case.

Dude, you reveal too much information about your private finances in public. You could have told this story, without revealing your Bitcoin totals and where and how it is stored. Just keep the majority

of your coins in cold storage and you would be fine. Place some unsafe Bitcoin addresses with a small amount on your computer as honey traps and when they are triggered, you know your computer

is compromised. Once they are triggered, just do a re-install or re-load the virtual machine. Good luck mate...  ;)

Well i don't think it is very risky, although your story could be also good without revealing all the numbers. In essence you are right.
If there is 2FA enable it.

The trezor and coinbase keys are not stored at my house so I am quite okay, only my 'hot' QT wallet holds funds that I wish to access quickly. I could access my coinbase funds and with a wait of 48H move them to my bitcoin debit card if i was in need of urgent funds abroad or at home.

I was surprised as kaspersky is a very very good security application which when properly set up has stopped much. Actually it detected the virus with the latest update which makes me think this was some kind of zero-day exploit which even kaspersky would be limited at checking. I have set up the kaspersky safe money which i figured out how it works, it can help protect ageinst keylogging using a type of hypervisor  set up. I have used kaspersky since 2009 and this is the first attack i have had of it's kind on a machine with it installed.

2FA has a key limitation though that it does not protect against attacks at the wallet providers back-end, OR something like mt.gox. So keeping funds in different wallets, and keeping things in different physical undisclosed locations (such as my trezor and it's seed) and having only a small working amount accessible at any one time can limit  damage.

Keep 20 or so BTC in a single wallet id be worried unless its a trezor or similar. Just how i wouldn't keep 50k or more in a single account.(i wish i had that!)

And if you want a vanity address like my hot wallet, do not generate it online, but do it yourself... if you do not own or have some control of the private keys, its not yours. Thats why i liked the coinbase multisig vault to help diversify my BTC assets as they grow and trezors.

My friends machine happened to be clean on checking, the only place we could have got it from is our college network, which my lecturer actually has warned us to be very careful with as its not that secure...

He has his memory stick encrypted with a container and unencrypted space and has a traveller version of truecrypt on it which turned out to be the affected executable, it wasn't an 'autorun' virus as such and that is disabled on windows 10 by default for USB drives.

We have tracked down the problem and he was stunned so whatever it was had somehow infected that executable which kaspersky flagged up on an update, he has used my machine plenty of times with the same stick without issue in the past.

Moral of the story is, diverisfy your bitcoin/crypto assets, enable 2FA, and for more than 2 or so BTC, invest in a trezor and keep it's seed safe.

While they got past my  first layer of security (complex passwords of random numbers and letters and symbols) due to side channel attacking (keylogging)

They were stopped by the second layer (2FA) and all other measures, the moment i got the SMS from paypal saying i was trying to log in it raised the alarm and got me to change all passwords on a safe machine quickly.

It saved me hassle like no end, I set up 2FA on my other accounts because my mother is deceased and thus irreplaceable messages and content exists on there, although all text messages were backed up.

even my email has 2FA set, its set on everything possible to set it on

on paypal you can bypass the 2FA if you were phished and gave away your account security questions.

my PC does also have full disk encryption as do my telephones, I do take as many measures as I can with security, i have taken this a step further after this by making my main PC user account a 'limited' account without administrator privileges.


The virtual machine is a good idea, although for my bitcoin QT hot wallet im not too fussed as no more than £80 will ever sit in that wallet before i move it, unless I solo mine a block which will end up safely moved and diversified.


I posted this as i have ready many, many horror stories on this forum of people loosing large amounts of coins due to lack of 2FA or from live wallets such as bitcoin QT or lost from online wallets, or stolen from vanity addresses... Such simple measures can really help, a print out of a private key stored somewhere safe such as a safe deposit box could save your ass against forgotten wallet passphrases even...

no matter how much we have bitcoin,and no matter which wallet used by us,i think applying 2FA is important thing for secure our bitcoin,one that should make sure by us,dont lost your devices.

This. Don't share computers, run anti-spy ware often, and be very careful of social media, it's used to harvest personal info to give hackers access to your life (especially old school banks which still ask questions like "what was your first school").

I used my common password at Yobit.net and now i'm paranoid as hell that they are going to use it to hack my other accounts. I changed the password since, but am wondering if they still have access to the previous password.  ???

If you are storing your Bitcoin anywhere with 2FA, you should have it enabled. No exceptions.

2FA makes it infinitely harder for anyone to access your account, and requires both your phone and the access point to be available, not just the access point. I have coinbase and a personal wallet, and I use 2FA for both.

This is why you don't let anyone touch your clean drive. If you are storing bitcoin without an air gap, you really should either use 2fa or only use that device for bitcoin.

2FA should just be default on any sort of account that is used to access financial assets. It can be a pain in the ass, sure, but I'd much prefer it to be more prevalent.

I agree wholeheartedly. Finances aren't something that people should take lightly, and when it comes to online banking in this world, you have to realize people are out there to take all your money and all security measures need to be taken.

Obviously, first stop where you set-up 2FA is your GMail (or other mailbox) registered with all important services.
You are free to have your opinion, but making a point against having everything locked with an extra key, with assumption that all those extra keys are going to be kept "under the door mat" is... pointless.

It is true that enable 2FA is the solution to prevent loss/hacking the funds we have diinternet, but sometimes has a way of hackers breaking into your 2FA can, so if you don't want to lose your funds, you should use wallet offline to menyimpana your investment funds or to keep some funds into your Wallet offline, so if later the unwanted things happened you still have a portion of those funds.

2fa is useless if your gmail account is being hacked :o

good advice. I also use 2fa. even it a little bit makes a fuse for me, but it's usefull to protect my bitcoin. so I don't have to concern about the security of my bitcoin. it's save.

that's right, exactly, use it before you get hacked.

this is why you move your funds to a more secure wallet as in cold storage and only keep a very small amount in your hot wallet. keeping funds in an online wallet is exactly like keeping cash on your desk and have your desk accessible to millions of hackersrobbers by placing it in the middle of street!

Personally I don't have 2FA enabled anywhere on my accounts because it's just a hassle for me and it slows down logging into websites. I am using a password manager like LastPass and have replaced all my passwords with very difficult to crack ones and I have been like this for almost 2 years now and haven't had any issues. But I don't leave my laptop unsupervised anyways so no one has physical access to it to alter things. But if someone tried all the data is password protected and encrypted within the password manager so let them try  ;)

I will never enable 2FA. What happens if for some reason I lost my phone, it is stolen, or I lost my number by any reason?! I can imagine it can bring you many troubles.

You just need to follow simple security rules to keep your accounts safe. It is not rocket science.

Better safe than sorry!

its why you also need 2FA in your google account,its important for every account,not just for wallet account. the only way to hack this security is by phising and lost the device,but its a small chance to happen.

The sites offering 2FA also offer a secret key. Open your eyes, save that and your 2FA is safe even if you lose your phone.

Of course, you can do it your way, which is good until proven otherwise.

there are a lot of ways to recover your funds. you can export your wallet or private keys in form of paper wallet to have them in case you lost your 2FA, password, ... and got locked out of your BC.I account (may be different in other wallets). so you can import them into another wallet core, electrum,... and use the coins.

also if you look around in all those services there is a reset 2FA or recover account option
example: https://blockchain.info/wallet/reset-two-factor


no argument there!


to be safe means looking around and enabling 2FA not ignoring it because you "think" you lose access if you lose your phone.

as long as you have the secret backed up, using 2FA should never be a problem

Two Factor Authentication is there for security. This is what happens when you don't take advantage of the service they are providing in the expense of ease. This might've been a lesson for you, learned in a hard way. I always enable 2fa in almost every account I have if possible to prevent hacking potential.

you should really try and read what OP says before posting, he said he had 2FA enabled and that is why he didn't lose anything at all despite the fact that all his passwords were compromised. and that is the power of 2FA which almost all the services are offering these days to prevent hacks.

Yes this should be a common practice to enable 2FA for accounts it's available on as it will be quite the hurdle to overcome for any hacker who is trying to get to your financial data. I am using 2FA also on all of my email accounts as well because this is usually the first point of attack before going for your money.

I actually set up my authencator keys on two separate phones, I have 1 business phone and my usual phone, both encrypted and I also keep a print out of the 2FA keys stored safe. So loosing my phone wouldn't make things that difficult.

I think with 2FA that not enabling it when it comes to money is asking for trouble; the trezors are very very good though when it comes to a security layer.

A few seconds logging in? when you have money or time or data involved, whats the problem. Saved me a ballache at best, lost money at worst.

To those who don't enable it, it kept my coins (minus trezor coins which are protected by their nature as long as you ensure the sending wallet matches where you want to go on the trezor display) safe. The coinbase multisig vault also times withdrawals.

I second the email account, sometimes I can be a bit annoying having to get it if my phone is out of reach, but especially after this I know my decision to enable 2FA among other security measures was the right one, I have never had such an attack in years of sharing my PC and using it myself,

If posting this leads to even a SINGLE attempt to steal coins stopped, then I did my task right.

Jacob

No matter how many layers of security one will implement there's always one thing that needs to be taken into account which is, as we said earlier, the "human user" problem: technology is pretty good but we are the unsolvable problem!

Hello all,


Check out vTorrent client if anybody still looking for 2FA for Bitcoin-QT.

https://github.com/vtorrent/vTorrent-Client/releases/tag/0.8.1 (https://github.com/vtorrent/vTorrent-Client/releases/tag/0.8.1)

https://ip.bitcointalk.org/?u=http%3A%2F%2Fi.imgur.com%2F0muQofi.png&t=568&c=aeMDWdDD8ch0yA

Regards,

vTorrent

I can say that most of people are lack of knowledge about 2FA so they don't enable this feature and the rest just worried to use it because they think that once they lost the 2FA key they will losing their precious even it's really wrong,but 2FA still rarely available for some site,especially a site that's not related about money even it's important enough

I think it's not just because of that, using 2FA is needed an extra work because we have to check our phone first before doing anything with the wallet. And for most people, this thing is inconvenient because they think they're just too lazy to do it even tho it's very important to them.

Any financial service with more than $50 in it should use 2FA.
Its much less trouble to spend a couple extra seconds to check a phone or a key for a code,
than it is to try and get your money back.
More and more malware is checking for things like bitcoin wallets.
Even a simple RAT or keylogger could get someone access to your funds if you don't have 2FA.

I have something to say on this issue, but I'm out. Will post later.

It also depends on the desire of any person. Because sometimes there are people who are more concerned with all of the data is secure and does not want to get an issue on the internet because of the behavior of hackers. Better we secure Wallet BTC with a special and awake than have to secure the account Bitcointalk that is just an interaction. Except for those who work in the bitcointalk, surely they need this

I believe in 2FA (2 Factor Authentication). It gives more security. But If you allow someone to use your computer this may bring you at risk. Because no one knows what will new person do with your PC.

I have personally faced a big issue.

Issue is of malware affection which costs me lot because, one of my friend use my PC and he download something which was harmfull. He told me later that there was alert from my antivirus saying downloading files are affected but still he download something and when he run that exe makes big trouble as all my data files stored on PC in another drive changed all files extension and make them encrypted with binary file. Which require secret key to descrypt all my files to get back original files.

2FA can give authentication security but what to do in such cases ?

https://i.imgur.com/0muQofi.png


New features:
-multiple windows for trading on bittrex
-2FA via Google Authenticator
-Key management
-HD addresses
-Block explorer

https://i.imgur.com/UcWMglV.png


It would be interesting if bitcoin could have 2FA in the client, as the devs of vTorrent have done in their up coming torrent client.

But is it 2FA completely secure? What if your computer or mobile phone is affected with malware? Your account still then can be compromised, no matter to 2FA. And malwares in all forms are bigger and bigger threat. Of course that 2FA gives more security in regular cirumstances but I just want to say that nothing is perfectly safe.

Security is very important excellent features 2FA our assets to be safe, It is the most common authentication method no one knows the secret unless you, keep your balance remains secure the most important points do not lend PC to others, protection of information against theft or our best friend.

Thank you for the information that you had provided. I was really unware of such things. I took security with bitcoin wallet lightly but now i come to know that it's really important to secure our bitcoin wallet

I have 2FA enabled on all of my accounts that has a 2FA option available. I don't mind taking extra time to log in, just as long as I can keep myself secure.
The only concern I have is that if I lose my phone, the one who picks my phone may be able to access my accounts if I don't change them in time.

My blockchain.info wallet was hacked in the beginning of 2014 and since then I learned about 2FA in different forums. Have all of my accounts, like email, yobit, other websites where I work enabled with 2FA and its more than 2 years I am not having a single problem. I use both Linux and Windows but mainly Linux when dealing with bitcoins for better security from the OS.

i like the idea of 2fa but it also makes me nervous. I've had google authenticator fail on multiple phones and not received emails or sms when i needed them for 2fa.

i prefer dumb methods like printed codes if they're available.

i ddnt use 2FA to avoid hassle.. but reading this post made me want to use 2FA for my own security againts hackers..

I use 2FA very often and where I am able to enable it I do it because I feel safer when I have 2FA enabled.
Unfortunately the forum does not support 2FA yet but it would be good if we will see it in the near future.