Bitcoin Forum

Account security and anonymity have major importance in crypto gambling industry. I will explain two authentication processes and their pros/cons that an under-development project is considering. Through this thread I want to take views/suggestions of the community on the better of the two processes. Here are the candidates:

Option 1: Email Based Authentication

Under this option, you will be asked by casino to fill username, password and email id on registration. To increase the security, you will be asked to set-up 2FA authentication. To make withdrawal, you have to confirm email id.

Pros:
Easy to use and remember system.
Easy to retrieve system if password gets compromised.

Cons:
Easy to hack and brute-force.
Identity may be linked if same email is used somewhere else on web.
Always need additional device (phone) to login (for 2FA code).


Option 2: Keys Based Authentication

Under this option, you will be asked to fill username and password on registration. Then a private code (long alphanumeric) will be generated for you and encoded with the help of password you entered in first step. Now you have to store private code somewhere safe. There onward, you have to paste private code and password to login into system.

Pros:
Complete anonymity
Highest degree of security. No one can hack or brute force your account even if database is compromised.

Cons:
Extra care needed to maintain the security of private code.
Since code is not saved anywhere on server side, losing code = losing account.
One mistake and your account is gone.
Impossible to change code. If you give away code to someone over phishing page, etc, then you cannot retrieve/secure the account again.


That's all. Which of the two systems would you prefer as a crypto gambler. Suggestions/views are welcome.

I don't fully understand the option 2 which is the Keys Based Authentication.. As a gambler, I just follow the usual procedure when registering into a gambling site, normally, I make an account, put my email into it and then hit the verification link once I receive it..

Now, every time I access it, I like to secured it into 2FA as I feel it would be safer, not sure if there's a way to hack when you are in control of the 2FA code.

I think this one will fall under option 2 - Keys based authentication though. 2FA is another level of authentication process to verify your account. Option 1 is a weak one to secure your account though it is easy to log in because you don't need additional verification, however, if you are a high roller or just want to make your account more robust and safe from potential hacks, it is always better to add another security layer like 2FA.

For the sake of discussions and not going into complexity, I would go for Option 2: Key based authentication. My main reason is that it's going to be like protecting your private keys here. At least everything is in your control. And you need to be very careful, because if you don't educate yourself everything will be gone in at instant specially. And since everyone here doesn't want to get your account compromise then obviously as a gambler we need to do everything to protect it by having a good sound and security practices.

As a common gambler with low bankroll who bet just small amount, I prefer the option #1 as what I usually do so far. It is simple, but I always use different email address for different site. I also use different password for every site where I play. 2FA is a must nowadays for a better security purpose so I'll prefer site where there is 2FA.

I think you can easily set up  a 2FA, I am using AUTHY, this app can be link from my PC to my Phone, so anytime, I want to gamble, I always feel confident that my account will not be hack, the same method I applied on my exchange, both local and international exchanges.

Well we know that most of the gambling sited are use the email and I think it is still safe, but for the key Based Authentication is more safe because it is less risk of hacking your account in the gambling sited because the key is only save either to the paper or other documents. Many email now are prone to hack because of the luck security the accounts safety is depends on us.

I would be on option 1.

I've been using that option for a long time now and I don't have a problem with it. I am just a casual gambler so I don't have any problems with the security since I don't have that much to gamble in the first place. Another thing is that I usually just use the gambling site's faucet so I don't really elevate from 2FA since it doesn't matter really. I have a dummy email for all of my gambling accounts so I don't have a problem with it being connected in a social media account or other site's credentials or logins.

As a small time gambler with not much balance in my account (which I don't usually store crypto in it), sometimes none, I would always choose the 2FA verification. I don't worry much about the security of my account because I am using different email to avoid password and account tracing. Though I must admit, I am using 2-3 the same password from all of my accounts in the internet. I don't usually dig complex account security, unless If I have stored huge amount of money or crypto.

The evaluation of authentication has traveled a long way before what we have right now:

By late 90's it was:
username (unique identifier)
password
email ID
||
By early 2000's we had:
email as unique identifier
and password with certain charterers and in length was recommended
||
Then
email/mobile as unique identifier
password (with strength notifier: strong/week/neutral)
2FA as optional
||
Then
mobile
OTP (no need of password to be set while registration)
||
Unique identifier (system generated)
Password
email

I guess the next level should be bio-metric based authentications like already mobile devices are authenticating us.

Every system has own advantages and pitfalls. Basic measurements we must follow for tension-free life:
1. Not using same email/password everywhere to protect identity and to prevent hacks.
2. Knowing well-in advance about account/password recovery processes.
3. Not keeping big balances with your online accounts so that you never need to bother about losing accounts if happens.
4. Keeping log of accounts along with IDs and password and keep this log secured. There are lots of PWD maintaining tools are available in desktop and mobile versions (tools which are working offline are recommended).

What type of authenticating method we prefer is having least weightage but how securely using them by following all the protecting measurements is the actual key here.

I like to think that only the user is responsible for securing his/her account.Therefore I will always choose 2Fa authentication and I will also make sure I keep a long backup code stored at a safe place(old laptop with linux) this way I have a way to recover if the 2fa is broken in some way.Many 2fa casinos are using google authenticator which allows for a long code as a backup code after you have scanned the 2fa option in the page.

I voted for option because I know that's the best one to secure your accounts but there are platforms that offer both to have not just 1 option. If there is an option for both I guess I'll go for that.

Both have flaws and advantages but overall that depends on the individual securing his/her personal information.

I prefer the email based security I find it more safer as long as you know how to secure your email, I have two factor authentication and phone verification, compare to keys you need to find a good place to store it, many of us store their keys  to their email.

At the level of my gambling experience, I would say that Option 2 will be good.

However, I usually don't play that huge amount though, so personally I will pick Option 1, much easier for me to maintain. So. I guess the answer should be how much money you are spending in our online gambling. If you are a whale then definitely Option 2 will be better for you. But if you are just a recreational gambler, Option 1 will fit you much better.

For a gambling site, It's absolutely better to choose the key-based authentication if we are aiming for the security that we are aiming for. But for me, I don't really use key-based authentication on a gambling site because I am fine using email authentication plus 2-fa. So far I am not losing any funds by being hacked.  To be honest, using email authentication for me is less hassle to use. I'm fine having the 2-fa because it's my daily procedure on every account that offers 2-fa security.

Option 2 for me even though option 1 has an easy and more noticeable type of security Anonymity beats them all but you will need to be very careful is using this kind of security because you yourself might forget your private key very easily but the safety of your account is at hand here and you can be sure that it will not gonna end up in a hack brute force!

But you will need extra care and you will need a back up if you would lose or forget your private-key other than that most people prefer a more complicated system but you can always be sure about strong security it has.

Keybase ofcourse, there are many ways and options one can manipulate to expose your identity on the web. What had me challenged backed then was my investment on a platform that went down without my notice in 2015. Then, I used option one(email and 2fa) this couldn't help me even though I tried my humanly possible best to protect my investment. There is a saying that" no system is safe online " this facts are true, due to this, option two is better and secure, if you're investing a huge amount of funds online.

I am prone into forgetting password, pins or codes and I already lost 1 account that has some fund deposited on it that's why I prefer option 1, I am a casual gambler and never put a lot of fund on any gambling site account that I play on and I only use a dummy email account(which I highly recommend for other casual gamblers like me) to use for registering so I am not worried about my identity or important information being leaked or stolen.

Three types of security:

• Something you know-password which is easily hackable
• Something you have- 2FA apps installed on Android phone
• Yourself- Fingerprint or eye scanning

The last choice is the best one but it is also hackable and there are weak points, I will go for the second option.

The second option is still the best choice, I myself use it.  When I put a considerable amount of money in the gambling or exchange platform, it is compulsory for me to install Keys Based Authentication.

However, if I only enter a few USD, then I use Email Based Authentication.
The point is that when there is enough money I deposit, I have to use Keys Based Authentication.  For the sake of maintaining the security of my assets,

From the cons side of Keys Based Authentication, I am aware of all that, because there is indeed no tolerance for keeping funds safe.  So I have to prepare everything carefully.

I am okay with number one because I don't understand too much with the number 2. Besides that, I think the number one will be more familiar to me as I see that is applied to many gambling websites or another website. I will use a different password for every website. That is what I always did with all of my accounts.

The second one "turns me off" - how secure is that option really? Because using a clipboard to copy-paste a code can easily be targetted by some malicious software and the code does not expire, which makes 2FA much safer imo.

AFAIK, you can generate 2FA through Ledger too. If privacy is your concern, you can create an isolated email address strictly to use it for a website authentication. If you create one through ProtonMail, you can use it even on Tor (protonirockerxow.onion). I'd rather have a code that expires every X seconds than have a code that never expires which anyone could use at any time to do damage to my accounts.

Although the first option is easier to use, it is not a very safe option. My preference will be the second option because I care about security and it is important to remain anonymous. The second option is absolutely safe, anonymous and less risk-free. Also, it is entirely up to the user to decide whether or not to keep your private code generated for your account in the memory of a single computer, even though it has been mentioned as a disadvantage. It would definitely be wrong to state that there is such a disadvantage if it is stored in at least two or more areas. To briefly comment on other disadvantages, unfortunately it is a risky choice as it will not be possible to access that code again as a result of the slightest copy or change error, but as I mentioned in the previous sentence, you can protect your code on several different devices or locations. On the other hand, unfortunately, there is nothing that can be done if the code is stolen. It should not be forgotten that no method or security measure can be completely flawless.

I choose the more secured one, we are gambling money here so it's just right to give the best security of your account. Though the option one is quite simple, but when it comes to money I'd rather value security over convenient, and with that said, I confirm that all my gambling site accounts are secured with 2FA.

I prefer email-based authentication.

Easy and I guess it's hard to hack an email full of 2FA. Keys are very vulnerable because much of the time they were stored on the PC, and obviously, PC are naturally also vulnerable and can easily be baited in phishing and some sort of hi-jacking.

Even if you have Windows Defenders or even multiple AVs, there are still undetected malware roaming around that may compromise or mimic those keys.

Email based authentication is fine.

It worked for me without any failures till now and it is because my emails are safe as well. Don't make things unnecessarily complicated it not good for you it is not good for the player.

If email-based auth wasn't good enough security-wise, nobody would be using it by now.

Safety and security comes first for me so second option is what I would choose. I think that protection of your privacy and data is very important but not enough users are aware of that. They often choose easier and nore user friendly options and these are always risky  and when consequences appear it's really hard to get everything back. So my advice is always to think twice when your security is involved.

Security in the 2nd option is best but keeping the code is going to be really hard especially because hard drive can be corrupted. I have several USB to keep my privatekeys and codes, a very redundant job to keep. It keeps safer but also dangerous if someone finds my USBs and knew what those files are. I prefer the 2nd option.

Option 1 can be safe for you if you do have an Alzheimers, you can just retrieve your passwords thru email but we all know the dangers when it comes to hacking.

I'm ok with email-based authentication, in fact, all my authentication are done on email, my email is phone authenticated so access for hackers are very hard I also added additional features for my email account if I am going to use key-based authentication I am also going to use email to keep it.

number 2 is my choice...
Authenticator email is very complicated for me, I don't always open emails, and also not always in front of a laptop, so number 1 is uncomfortable for me.

I'm comfortable with email and 2fa. I think key-based stuff only suitable for crypto wallet apps, or if you want to get serious in the gambling business. As for anonymity, you can use Protonmail (https://protonmail.com/) if you trust the service.

They said:

The problem for key-stuff is you need to write the key, which is troublesome for casual gamblers.

Key based authentication is for someone who gambles too often with huge money like thousand dollars or more for each bets so they will be looking for something highly secured and email based is some someone who gambles with very little amount and not too often and they will not leave much balance on the gambling site's wallet.

I will also go with Email as it is more convenient to me and also only thing you should have a string password set for each thing which will make things for difficult too for anybody. Depends on everyone choice what each one would prefer to use as for all safety is priority and which they feel more suitable would consider it.

I agree you can secure your wallet properly and easily, with key authentication you have to place it in something that will not get lost, could be on a cloud or USB but I find email authentication far and the best way to authenticate.

I prefer using email based authentication (option 1), it is easy to do as a common way and I think 2FA make it secure enough. Option 2 is too complicated for me. Moreover, it is too risky if we lose code. This is a very bad disadvantage of using keys based authentication, means we can lose our account any time just by making a single mistake.

I'm kind of a goldfish when it comes to memory retention, but so far all of my accounts which require special keys for activation and whatnot are still intact with their respective keys being stored in a tablet which I don't use for online stuff. It's a mess whenever I have to login and type the string character by character but if its for the utmost security of my account then I'm fine with the extra steps.

I even had an experiment wherein I created multiple emails with the same passwords, registering all of them to some of the most frequented sites when it comes to gaming (Steam, Epic Games, EA, etc). I was never surprised that after a couple of weeks, I have already received alerts that the accounts I registered were asking for an authentication to my email. Of the three of the test accounts, all of them were compromised--how and why, I don't know.

Email is easily exploited and prone to exploits and hacks. 2FA seem to have defeated these hackers in some way, but even those themselves are vulnerable to exploits and bypass (https://www.cnbc.com/2019/01/04/how-secure-is-your-account-two-factor-authentication-may-be-hackable.html), which is quite scary too.

According to your explanation, my characteristic fits with email-based authentication because I don't play gamble every day and just in a very few amount of money. No, I never leave a big amount of money on the gambling site's wallet, I know it is too risky. So, I will go with option 1 on OP and it is exactly what I did till now. I think it is safe, although less secure than option 2.  :D

It is actually true, for small timers, email authentication is more than enough.
As they are not worried even if their account is hacked as either their account have small amount or they always transfer their coins to a more secured wallet.
But for those who have significant amount on their account, it is better to have another level of security.
On my end, in some sites I have email authentication while there are some that I have 2FA on.

The private key option seems better but I haven't tried it as most casinos usually have 2fa. Both have it's good and bad sides but it'll depend on my gambling activities since I play on several sites. If I always gamble in their casino every day and they have both authentication available i'd pick the key option over the email but if i'm only playing every now and then email is the way to go imo.

The key based auth is basically having an additional layer of password in a form of a private key somewhat similar to OTP but it's the only code you have that doesn't expire.

I have an account in an online website where there is a 2FA and there is nothing wrong that I've experienced with it so I will choose keys authentication for this.

I think its obvious already that 2FA is stronger and harder to hack compare to an email authentication. The only disadvantage that I see in 2FA authy is that when your phone or the device where you saved your account is lost, broken or stolen, it will be hard for the owner to retrieve it but that can be preventable if you just handle your device with care and secure it all the time.

With Email authy, it is easier to access but it is easier to hack too. I still remember days ago when there is somebody who got access on my main email. Luckily there is a notification that says if I'm the one who is opening my account and I didn't opened my account in other devices so I clicked "NO" and changed the password immediately. That is how easy email can be hacked so I don't like this although it is easier to access and you can still access it even you are using another device.

Damn, the poll should have been even, i voted for option2 when in fact i am using the option1 as a gambler.

2FA is enough for me to secure my account and so far i have have no problem with it and you are right it is easy to recover the account whenever we forgot our password as there is an option to recover it using the email we provide.

19 votes so far and I'm not surprised that gamblers here chooses option 2 because of it's security features. I also voted for that too, because it gives me control, and as far as 2FA goes, hackers are advancing, they can intercept it already. So I prefer to have key base, I think the pros outweigh the cons here.

Gamblers that don't like stress or don't gamble with high amount of funds will definitely choose the email option since it's more easier to process then the key option. As an individual that is already used to working with private keys in regards to keeping the keys of my bitcoin wallet safe. I won't find any difficulties working with the key option so I just voted for it.

Email can easily be access like you have highlighted and I won't want all my hustle to be stolen away from my account assuming the site or my phone get compromised. Don't forget the most used email service providers (G-mail) isn't that secure when it comes to protecting our account. It'll like a social media account.

Among the choices, I would prefer the key-based authentication.  Much better if it is paired with a one-time passkey that is sent via SMS.

I would prefer the first option. Of these methods, it is the most secure because it requires several additional devices, which are much more difficult to hack at the same time.
The second option has a very serious drawback in the form of code that needs to be stored somewhere and since it does not consist of several characters, it is unlikely to be easy to write on paper or remember, and so people will store it in a text file on the computer, copy it to the clipboard and paste it on the site to log in, which will allow it to be easily stolen.

Of course I prefer email based authentication, the main reason is easy to use. Because I like simple, and I'm the type who is not extra care.
So I'm afraid I made a small mistake, resulting in losing my account. That's pretty scary in my opinion, after all using email based authentication
safe enough. Because logging in using 2FA code makes my account safe. And until now I have use email based authentication not experience
hacked, so no need to change to key based authentication.

I'll go with email based authentication as it also has other measure to ensure your account doesn't get access by others. All they platform I have used also has 2FA security option together with the email option which makes it to be more protected from scammers and very easily to recover incase you lost your security details like 2FA cod. Easily with the recovery phrase you can recover them. Email is the most popular which means it's the security option must gamblers use but don't understand why it's lossing in the poll.

I guess most of the website using option 1. I have been used option 1 for many websites, and I don't have a problem with option 1. Besides using a different password, I also activate 2FA which is available on the website so I think that can help to secure my account. I think I do not yet have experience with option 2 or I might forget about the registration type because almost the website that I use to register using option 1.

I think each option will have the advantage and the disadvantage, and I guess we don't think much about option 1 or option 2 because if they want to register, they will register without thinking if the system will be better or not. The customer will try to secure their account by following the instruction from the website because they don't want to see their account get hacked.

In my own opinion, i am now comfortable and used to using email based authentication than key based authentication, even it is prone to hacking because it is more easy to use and it is more simple. I also activate my multi-factor authentication in my email, so i could be alarmed if someone is using my email accounts and other accounts in websites.

^ The same idea but probably any of the two options are still at risk for hackers though option two has additional security that may give you additional protection on your account. We probably consider option two as the better authentication process because it will also help to lessen the damage when hackers access your account. These two options are still prone to hackers we should consider the weight of the damage that a hacker can do once they are able to access our account like with option one using your email that may also be caused identity theft aside from the money you have in your account while with option two there will be lesser damage since your personal identity may not be accessible for hackers. If I will choose these two I prefer to use the key-based authentication. Nevertheless, any of the options you will use still you should always take extra precautions for hackers nowadays are more aggressive and technical than before.

I'll go with key based authentication. Pros of using it are entirely enough, and IMO, that one must prioritize to totally secure his own stuff. It is not that email based are faulty but one slight of an error on clicking something you thought needed, everything you have in there would be in hacker's hand even if it is just a small amount of penny. And in addition, either between the two options user must take an extra care holding his account, and should be held responsible for some sort mistake that might occur. Thus choosing the less prone one is the best idea.

There's nothing wrong in voting what you prefer, a lot of us use email authentication or OTP because it's the standard in nearly all bitcoin casinos. I don't think there's one casino that have a key based authentication though it would be interesting to try if there is one.

In my 22 years of using internet, I guess blockchain.com(.info) is the only services where I have that key based authentication. I registered with them by 2013 and at that time itself they were providing key based authentications still not sure why no other service providers not copied such a thing.

Authentication type is just the security measurement and it has nothing to do with anything gambling. I guess OP must be studying the opinions of this gambling community which might be leading to implement the most preferred way of authentication method in an upcoming online crypto casino. Probably I would be expecting eagerly another services to long in with key based authentications.

   Option 1 is most common option, until now I didn't have option 2. And for me it's easier to register
with my e-mail, option 2 sounds a bit complicated for newbies, but it's like setting up a hardware wallet,
if you lose your keys you will stay without your funds.
   If there's an option for choosing option 1 or option 2 I will go with option 2, same like I choose hardware
wallets over online wallets, but until now I had just option 1, with e-mail, and in rare cases I had to do KYC
and verify myself. This question is more for casino owners then for us players.

I'm used to the first option, the Email based but I'm open for new ideas like the second option which looks promising if you want to maximize usage for anonymity.
We are in the crypto era where we don't know if there's an eye that's monitoring us and if we are careless, we could be their potential victim. I think the private code thing is not that new because we have this already for our private keys.

Most are using email-based verification. However, option 2 is safer since you will be keeping your private key. However, I don't put to much attention on security when it comes to gambling account, not unless you are keeping a huge amount or have a good background and points/previlage in your account.

It doesnt matter on which one since i do know on how to keep my account details neither it would be an email or some keys.
It depends on what the site been asking when i do make use of gambling platforms and i do believe this would be the most important
because we cant demand on what sites ask or in terms of security.Of course they do have pros and cons, when you are already aware
of it then you should be sensible into your private or important information so that no one can access it out.

I used to play gambling and register an account using email based authentication for I believe that I am the only one to have an access on it since it is my account and I do always use 2FA authentication to accompany this email authentication. But it is indeed right that using a single email can track all accounts linked including social media accounts once hacker have successfully get into intruding your email. I do also know key based authentication and for me there are lots of things to do with it since it is a key based and it seems to provide hassle for me although security is much better compared to email based authentication. I think both are best to use and it is just a matter of when and where you would such method to secure your account. But still I do preferably use email authentication for it has no hassle accessing unlike key based. The problem on tracking by using a single email won't be a problem as long as you create an email that is not linked on your social media accounts and just created for playing only. Just be sure to check the privacy and security of the site so that you can avoid your email being hacked.

Im with this because im not really minding much because i can create gambling account easy and when i bust up then i do forget that account then create another one.

Most sites now do really have that email verification but option 2 is preferable but it doesnt matter that much since we arent storing big amounts into gambling site wallet
and also most of the time, gamblers do blown up their account so it doesnt matter much on giving importance into your account.  :D

Till it's crypto related,  2FA from signing message with a crypto-address would be good as it overcomes the common disadvantages encountered with other 2FA methods !

At this time, I believe everyone is looking at the safety assurance of our money, and not that email option could make it safer than having option two (2FA).

If someone/somebody has an interest in your wallet, it surely they crack your keys when you are just having an option 1. Yes, I was experiencing it early this year, I received the notification that someone would like to transfer money out from my wallet. Maybe I was lucky because he/she was not able to get the code from my email and that it change my mind, and I have to config my account and change into a 2FA option. That makes safer than I was thinking about.

I will go with the email based authentication. I am a part time gambler and therefore i do not put a big amount of money on gambling sites. So i will prefer an easy authentication method based on email. If i had a lot of money deposited on gambling sites, then for sure the Keys Based Authentication best suited me.

For me, option 1 is better than option 2 as I use the same email to access all my accounts and it is kind of easy to remember. I do not hold a lot in any of my accounts so in case if it gets hacked only a small amount will get stolen.

Based from the poll, the leading choice is the email based authentication. I am guessing that a lot of users here are not too worried with their account security. Though I prefer to have 2FA at least, but if I know that I will only be playing small amount, email auth is enough for me. Maybe, this is the reason why for some others email auth is more than enough because they are not playing big amounts.

Option 1 won't linked your identity at all which you are not completely correct. Not all are creating an account with same email. Experts suggested that he/she should use different email on every site related to crypto which is why not all accounts will linked to their identity. So, i think the linking of identity will only happen when same email is used.

for me anonymity is very important so of course I prefer option two, just be a little careful and keep a possible code / private key safe for good as it happens for altcoins wallets

I like email based authentication rather key code based security because once you've lost your private keys there's no way to recover your account. If ever that account gets hack or you've forgotten the password, why i prefer email based security is because some email provider sites now uses anti brute force security and implemented 2nd layer of security and that is captcha.

I disagree with option 1 that it's easy to hack and be brute-forced. It's possible but I don't think it will happen all the time. Just make sure that everything was set up securely and we should already know how to do this.

I found it hassle if these gambling sites will have the same feature as most exchanges today. Email-based should be enough and have the support help you just in case of account recovery.

It should be enough and its been used mostly by gambling sites.It doesnt really need to be that complicated because gamblers do come and go
which means account security wont matter much because most of them would bust up in the end of the day. ;D

But well option 2 is good but not really that much important because creating a new gambling account is easy as 1,2,3 but doesnt need to complicate
things up because email system is enough, yes it is less secured but its not really that a big issue in talks here on gambling field.

Actually I have never seen weakness in either of these two methods in fact both are very safe the weakness on the part of the users.

In my case I move very well between both systems, by the way not all betting sites offer both systems at the same time, so in general what predominates is method one.

I always prefer the email authentication the cons you mentioned between the two favors the email authentication many people prefer that way
if you know how to fully secure your email it will be the best file keeper, I'm confident that all my files and keys are safe using my email, use all the available authentication for your email.

Yeah it's good that indeed if we're using those systems, but first and foremost email authentication is the only way to make it more safer. That's why we should have a legit mails to use and avoid any aliases, or even your mobile numbers must always be legit one. As a gambler we must be transparent to every transactions made to avoid any mess in the future.

Of course it is our responsibility to become safer because this is our money and we are the one who needs to keep the precautions.
but there are instances that hackers or scammers mislead us and we cannot really prevent this in a lifetime.
Well that is mostly activated in gambling sites but Of course Email is mostly prone to scammers and sometimes hackers so better be aware and make sure to not clicking links instantly.

Option 1 is what we often used but I don't think that it is easy to hack just like you have said. Email also has their 2FA (SMS verification or authenticator) and that is something that really secures our email. It indeed requires an additional device to activate or to do the verification but it is better since it helps to secure your account.

I like the concept of Keys Based Authentication but i have not seen any site giving that option, in all the gambling site i enrolled i usually go with Email Based Authentication and would enable 2FA authentication and that too not mandatory for several sites until i deposit.

@OP are you planning to release your own gambling site with a key based authentication as i have seen your Face-Off game, can you list a couple of sites that has this feature enabled so that i wanted to try that out.

I consider 2FA as the highest level of account security but should it needs to have it? Maybe it is not the ideal thing when you are not a big-time gambler because having $100 inside won't give the interest of the other people and that email confirmation is good enough. In fact, I didn't do any 2FA coz I see a big problem if ever I lost my phone and it is really hard to recover by then, but using option 1 could make you easy to access.

One thing we should have to do to make it safe, we must be careful in visiting sites.

If you understand how to secure your account just like what you have said, email can also be secured by means of 2fa if you configured and activate this from your account, regarding to option number 2 it's also good since you don't need to provide any information best for gamblers who wanted to have full anonymity to, types of players who wanted to play and go.

I prefer Option 2, I am concern with my info. Sometimes email-based authentication requires some permission to access your personal info, like numbers, birthday, etc. With this small info, they can try to hack or bypass and access our emails or some accounts, I am really concern with privacy and security. But in option 2 you need to store your keys carefully so that it cannot be stolen.

In fact, you don't necessarily need anything extra for 2FA (like a cellphone or whatever). Just use a browser plugin instead and you are good to go. I'm using one myself for sites where 2FA is a requirement (with Google Chrome)


I don't really see how it is different from going with password only. Your scheme would make our lives more difficult, not more secure, as far as I can tell. If they can steal your password, they will be able to steal your pass code as well. So the conclusion is simple and straightforward, 2FA does add to more security overall, while the second option presented does not (unless I'm missing something)

Ohh yes, I forgot about the authenticator that our email does whenever someone, a stranger logs in from an unknown IP.
It will be questioned by the email provider and that's another security for the email authenticator that we used to register. The 2FA authenticator is another additional security that everybody should add.

I prefer the 2nd method because while it is more time consuming but it offers complete security and there is no way someone can access my coins and withdraw them.

The first option is good but it reminds me of a incident where a scammer used a new trick to collect emails, he would offer a lucky draw and you just have to enter your email id and hence you feel no problem and later they will use those email ids to try and brute force passwords and then sell the ids for spam.

I always thought there could be a easy way to security but for now the 2nd one is the best even though its a bit of time consuming.

You can't brute force a 2FA code

For the simple reason it is a time-based one-time pass code (the most widespread variety that I know of). It changes every minute, and after it expires it is less than useless. The only way to get around 2FA is to get the secret phrase (or a QR-code associated with it). But if you are using a mobile device for its generation, to pull off this trick would require hacking both your email and the device itself. Not a totally impossible task on its own but a feat that would most certainly call for more than just one method of penetration, like a lot of social engineering coupled with direct physical access (forum was partially hacked this way a few years ago)

The safest would be option 2. It is just like keeping your own seed to make sure your account is secured. In option 1, once your e-mail had been compromised by a hacker, the password and any other access can be changed. Each has their own strength, convenience and weaknesses, it all depends on how you keep your credentials secured and your computer clean..

We got a tied votes here, : option 1 : 17 and option 2 :17

I voted for option 2 because I like my account to be safer, IMO, email can be hacked easily so it's right to secure your account with key based.
Personally, I have done that to many of my gambling site accounts, in different gambling sites of course and I hope all gambling site will add that kind of security features to ensure the safety of the users account.

This gives me a new idea where the gambling sites could actually ask the gambler to choose their own security option and the gambler knows if he will be playing small or big and hence he can decide the method based on that.

There can be another way where the website asks you a simple security code of 6 digits and you just have to remember that and enter it every time you withdraw this times both energy, time and resources. Alternative you can set some security questions maybe that you can answer and withdraw your funds and there are numerous other ways to set a easy yet string security for gamblers.

Thank you everyone for your suggestions. I have read all posts and even though voting shows 50/50 response but the overall conclusion is that most of the people prefer Option 1 as they prefer for convenience and ease the most. With additional 2FA layer, everything is quite safe, making Option 1 the preferable choice among casinos and players.

The team was considering Option 2 because it has more flavor for cryptocurrency users. A person who prefers keeping full control of his funds (by using cryptocurrencies with private key security) would like keeping full control of his casino account too. But it turns out, people don't consider that much.

Some people questioned that Option 1 is completely safe and there's no reason why one should make things more complicated by using Option 2. Well, to certain degree that's true. But every system that is dependent on third party (email in this case) cannot be considered entirely safe. There is high chance that important information may leak in transition which is entirely out of user's control.

---

I don't think any website would do this because it will make very difficult to maintain single database and unnecessarily create complication in the working of MVC (Model-View-Controller).