|
Title: Authorize log-in attempt by e-mail - Bitcointalk account Post by: bitmover on March 23, 2018, 04:58:43 PM Hello,
Everyday we see new topics where people complain about their hacked accounts. As most people here earn money with their accounts, everyone should worry about account security. Now with the implementation of the merit system our accounts are even more valuable since our hard earned merits are even more valuable than most altcoins people get from bounties. I saw that there are already many threads asking for 2FA on your Bitcointalk. For some reason it has never been implemented. But there are other mechanisms to increase security that can be implemented in our forum. My suggestion is simple: Implement a log-in authorization by e-mail every time a different IP try to login in your account. When you try to login to your account in a different computer or network you will receive a message: "Check your e-mail to approve login attempt." I think this simple implementation can avoid most of the related problems with hacked accounts. Many exchanges and webwallets already use this method, so most people are quite familiar with. What are your thoughts? Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: godzillarekt007 on March 23, 2018, 05:03:20 PM I like the idea a lot, it reminds me of how Bittrex does it when you sign in from different IP. Added bonus is because we don't have 2FA we won't have to type that code in several times before entering. 2 thumbs up idea, great way to increase security!
Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: hilariousandco on March 23, 2018, 05:09:31 PM There is already an authentication email sent once you try reset the password and/or change your email.
Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: bitperson on March 23, 2018, 05:21:28 PM Implement a log-in authorization by e-mail every time a different IP try to login in your account. No! I use Bitcointalk from all over the place, so I would have to deal with such messages constantly. Sites that use them typically send them from spammy networks, so I usually have to grep through spam filter logs to find them. This is a great forum, but having to go through that kind of trouble would be too much. Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: bitmover on March 23, 2018, 05:31:51 PM There is already an authentication email sent once you try reset the password and/or change your email. Thanks, I was not aware of that, as I never tried to change those. I think it does the job. Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: Welsh on March 24, 2018, 12:14:15 AM I think it's best left how it is right now. Only sending notifications when details are changed on the account. Requiring a authentication email every time you log in would become very tedious. If it was optional then that would probably suit those who want extra security and those who want ease of access and not jump through loop holes every time they want to log in.
Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: Lesbian Cow on March 24, 2018, 12:36:53 AM There is already an authentication email sent once you try reset the password and/or change your email. How about offering 2fa on log in as a user opt in? Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: actwo on March 24, 2018, 03:11:17 AM There is already an authentication email sent once you try reset the password and/or change your email. A hacker changed my password then my email address with out access to my email. I have sent you an PM with proof of my identity. Thank you Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: jhenfelipe on March 24, 2018, 03:26:41 AM Implement a log-in authorization by e-mail every time a different IP try to login in your account. If there will be several options, authorization before the account will be accessed using a different device would be good too imo. A bit hassle only to those who don't have their own device to open bitcointalk.There is already an authentication email sent once you try reset the password and/or change your email. As announced by theymos here https://bitcointalk.org/index.php?topic=2282758.0 (if someone wants to look for it)Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: AzureDragon on March 24, 2018, 05:51:31 AM It seems to me that in such circumstances the developers of the forum have to seriously think about the introduction of two-factor authorization.
Title: Re: Authorize log-in attempt by e-mail - Bitcointalk account Post by: hilariousandco on March 24, 2018, 10:16:46 AM There is already an authentication email sent once you try reset the password and/or change your email. A hacker changed my password then my email address with out access to my email. I have sent you an PM with proof of my identity. Thank you Then you should have received en email where you can lock the account. I can't do anything about restoring accounts so you'll need to PM an admin but if you haven't got a valid signed message you might as well forget about it because even accounts with them are taking months to be restored if they're being restored at all. |