Bitcoin Forum

I know some of us here is having issues on their bitcointalk account being hacked. I just want to know if many will agreed to have 2fa Authentication on our bitcointalk account to protect it from hacking specially those who have high ranks. I hope Bitcointalk.org team will plan to put 2fa Authentication on our accounts. Thanks 😊😊😊

^^
This has been talked several times and I thinking in this current system we will not have it however may be in the new forum software we may have something to keep our accounts more secure.
Alternatively, you can stake one of your bitcoin address with a sign message just in case of any compromised case you can prove the you are the original account holder.

Ohh I see I'm just new here, by the way what bitcoin wallet can you suggest for me that have signed message?

There is no announcement or requirement in what bitcoin wallet you need to use to signed message. You can use any bitcoin wallet that is safe and secured. Just search which best bitcoin wallet to use for storing your bitcoin and sign message it. You can visit this thread https://bitcointalk.org/index.php?topic=1631151.0 on what type of bitcoin wallet is best to use and sign message and this thread https://bitcointalk.org/index.php?topic=990345.0 on how to sign message your bitcoin address .

There’s a small recap of threads that have versed on 2FA on the forum in this thread: List of Answered Suggestions. Please don't create topics before read them all! (https://bitcointalk.org/index.php?topic=5149666.0). I asked the same question a couple of months after joining, surprised that it was not available as an optional feature.

There’s also this:

2fa is not the only option to secure your BTCtalk account staking BTC address is enough to protect your account or if your account was hacked you can make a signed message of old stake address to recover your account back.

Since you are newbie better start posting your BTC address in this thread here https://bitcointalk.org/index.php?topic=996318.0 and request to someone to quote it for future referrence.

As we are not dealing with money on bitcointalk, it shouldn't be required. Staked bitcoin address or other addresses could be used in case of an account hack. It is a long process though.

Although I'll suggest freezing the email id, it will surely decrease the work of admin/moderators. Making the email change process chargeable after verifying the staked address is what I suggest.

2FA is difficult to implement with the version of SMF the forum is using, and it is unlikely to be implemented until the new forum goes live.

Many people are waiting for 2FA to be implemented here for many years already. But it won't be added before new forum software will be fully released.
Despite this, there is still some methods how to protect your Bitcointalk account. Starting from basic things like using strong and unique password. And finishing with things like staking your Bitcoin address with a signed message and using 2FA on your email account.

No!
I don't want more hoops to log in.

What if it's optional?

Bitcoin doesn't need 2FA, neither does Bitcointalk.

My very short answer.
List of Answered Suggestions. Please don't create topics before read them all! (https://bitcointalk.org/index.php?topic=5149666.0)

2fa is not going to be implemented on the forum, but you can use 2fa on the external sites that link to bitcointalk if you want extra security, such as your email address (if it permits it). If you observe the basic security measures and avoid logging in on external devices and clicking on phishing links, your account shod be fine. Don't expose your email address on your profile as well.

I'm confident it's definitely optional. No sites I've been on that strictly enforce 2FA unless you're working with those P&C stuffs (banking, tech, nuclear)

I hope 2FA will add on the security feature. I personally don't own a single Bitcoin address, I usually create new BTC wallet address for every transaction that I will made. I have trezor to store my personal BTC but never used that address for public transaction to protect my asset since I don't want someone snooping on my assets. With that reason, I'm having trouble to have a singe wallet address to used for staking in this forum.
This 2FA security is discussed many times but still no clear answer from the administration.

2FA may not be possible with the current forum software but there has to be some security. For people using Exchanges as their BTC wallet or even the people who had created their accounts in Blockchain wallet recently do not have the option to stake their wallets. What if a user loses access to his staked wallet? In the future 2FA can be an option but does not need to be forced.

You can manage without 2FA if you are using an uncompromised email and both your email password and forum password are securely managed by a 2FA-backed up password manager. I don't think there is any reasonable way for 2FA to be implemented while we are on SMF.

Thanks for the link sir, this could be a big help for me to protect my bitcointalk account  :) :) :)

I have found a post by hilariousandco about the 2fa Authentication of bitcointalk.org in 2015. Here: https://bitcointalk.org/index.php?topic=1100415.msg11713916#msg11713916
see this screenshot if you have not time to visit the link.

https://i.postimg.cc/sgPK36Y1/chrome-aw-R6-JHWUr-O.png

Where he said " It's coming with the new forum" about a more new feature as well as 2fa authenticator too. But that might not have been possible.

I thought we knew this already?

Source: http://epochtalk.org/map.html

All these news and phone # = real name are related to the SMS based 2FA. We aren’t talking about this kind of 2FA.

Here: https://en.m.wikipedia.org/wiki/Time-based_One-time_Password_algorithm

No phone number (actually not even a phone is required) and in all cases, you use if you want (which shouldn’t be a reason to not allow these who want to have the feature :)).

In many cases, risking a signed bitcoin address is one way to secure an account from hacking.
But people want to have a better level of security like adding 2FA, maybe that is a good idea. But I think bitcointalk.org doesnt need it.
OP, you only need to signed bitcoin address if you want your account to be safe from hackers. I have not done it, and as soon as possible will signed here (https://bitcointalk.org/index.php?topic=996318.0).

As an 'option' to choose, maybe ok
but as a 'must' NO

Secured or unsecured, it depends on how people use their devices, their accounts, and their other activities on the Internet-space. People still be hacked with their accounts on crypto exchanges even there are 2FA protections.

If people are careless enough to use their emails, their accounts, and their devices, sure there is nothing can protect them.

If the forum already have official good supports for account recoveries, with recent supports from Cryptios team, and thread to stake Bitcoin address as proof of ownerships. I think those protection layers are enough.

Careless guys will even don't care to secure their Bitcoin wallets, and don't stake their Bitcoin addresses with signed messages. That's the problem.

Careless guys don't secure:
- Account password.
- Email password.
- Devices.
- Bitcoin wallet.
- Don't sign message.
- 2FA code if there is 2FA.

If there is 2FA, what if the forum stop supporting users with account recoveries?

Well it does not take too much time to download Electrum, create a wallet, get one of the address and sign a message to post in the forum. I see you are a hero member and I expect you to know much better than a lot of the users in here.

Imagine somehow your account gets hacked or gets compromised. How are you going to get it back? The only way is to prove the ownership of the account and how are you going to do that if you do not have a signed bitcoin address.

I hope you now understand the importance.

The last time this forum got hacked, and the hashed passwords were leaked, was in 2015. It might be a good idea to update your password if you haven't changed it since then.

Otherwise, if your password is 20+ characters long, you should be okay against brute force attacks. The security of the machine you use to log in to is separate and you should be responsible for that.

Even if 2FA is implemented on bitcointalk.org as an optional feature for securing an account is that I won't enable it unless it is highly recommended (Is A Must) for a forum user's account. Enabling 2FA is kind of time consuming where you have to copy and paste code which I am not fond of doing this kind of stuff but it is indeed helpful to help increase the security measure if our account.

Bitcointalk isn't secured via SHA256 private keys, or backed by high mining power, at least not last I checked. Otherwise I'd agree with you.

It's already been brought up, for for the love of Satoshi please don't use SMS 2FA unless there's no other option. It's super easy to bypass and completely insecure. Use Google authenticator (or any auth app that uses a dynamic code) or even better, a Yubikey (or any other physical device).

Agree, this could be a great add on security on the website, and also a lot of fake phishing websites on the internet trying to copy the bitcoin talk website having this extra security could prevent account hacking to a lot of members in the forums. But Personally I don't like 2fa Authentication because sometimes other websites don't have safety measures if you lost your phone number or sim card you should be able to recover it from email and using this 2fa authentication you should be able to monitor or trace the one who opens the account.

i thing no need 2fa Authentication on Bitcointalk.org , already some people answer your question theymos can help you if your hacked or losses access so why you want to 2fa Authentication system on Bitcointalk.org?

True story, having a 2FA device based on a phone number that you fundamentally don't own is completely insecure. Only something like relies on TOTP/HOTP whereby you can own the private key (and keep it encrypted) is better security. Snooping on SMS's and hijacking phone numbers is too easy to do these days.

Many are proponents of the 2FA authentication factor, personally I like it, and I see it as an additional layer of protection, I think the idea is not bad, and all systems must be updated and not be left behind, because it is not right to stick with the traditional and less when it comes to security.

With the new Epochtalk software it will be integrated, I am sure that the 2fa option will be optional, it will only be a matter of waiting until it is released. In our local Spanish forum this topic has also emerged, and for now it is better to secure the account with a signed message, I know that the initiative is born because of the fear of being hacked, and more with what is happening today in the Crypto world .

I haven't changed my password since May 2015. But then I don't click on random web sites or log in using just any other computer or browser.

I do have a sorta staked bitcoin address and one of my threads has my GPG public key.

If 2FA using Time is offered, I'll use it. If not, you should be fine. Use randomly generated passwords and you should be fine.

Adding a 2fa authentication doesn't really make sense to me since you can easily stake your BTC wallet here (https://bitcointalk.org/index.php?topic=996318.0) as the person controlling the account  You can follow this topic (https://bitcointalk.org/index.php?topic=990345.0). 2fa can get compromised but this method is known to have saved accounts on this forum