Bitcoin Forum

Other => Meta => Topic started by: Benkbeny on July 19, 2022, 06:45:11 AM



Title: User account email and password Reset.
Post by: Benkbeny on July 19, 2022, 06:45:11 AM
I have Taken my Time to review the forum set up and Discovered the only change that can be made to already created account is password reset.
I am suggesting if we can update the forum set up in a way that users can change the email link to their account. I created this topic because I have come to realised that account sold out are still stollen back by the seller for the reason being that they have access to the email even though the account buyer change the password to the account still they can still have access but if we can change email connecting our account after is created, it can minimize scam or stollen account related cases. This change should only be made accessible for the account owner together with strong password.


Title: Re: User account email and password Reset.
Post by: tranthidung on July 19, 2022, 06:54:33 AM
I am suggesting if we can update the forum set up in a way that users can change the email link to their account.
If you (or hacker) can log in your account, you can change the email address connects to your account. It leads to another trick. If you want to terminate your account, you can change initial register email to a random (non-existing) one, change the account password to a random and log out.

Quote
I created this topic because I have come to realised that account sold out are still stollen back by the seller for the reason being that they have access to the email even though the account buyer change the password to the account still they can still have access but if we can change email connecting our account after is created, it can minimize scam or stollen account related cases. This change should only be made accessible for the account owner together with strong password.
It can be done by a step above but why do you have to do this if you set up good passwords for your email, your forum account and 2FA for your email too.

For people who are careless with it, I am sure they will not care about changing their email only because to avoid hack. In addition, register email is one of way to recover your account so I don't think it is wise to change it to a non-existing email.

There is (un)official recovery method, by a signed message but email is important too.

  • Forum account: security, privacy, and recovery (https://bitcointalk.org/index.php?topic=5261696.0)
  • How to sign a message? (https://bitcointalk.org/index.php?topic=990345.0)
  • Stake your Bitcoin address here (https://bitcointalk.org/index.php?topic=996318.0)
  • Create your own non custodial wallet, get an address, sign a message and stake it in [3].
  • [GUIDE] How to Create a Strong/Secure Password (https://bitcointalk.org/index.php?topic=5132378.0)


It's good to take care of account security because it is good for you as well as reduce recovery burden on forum moderators.

By the way, I think it's better for you to learn about Bitcoin than try to learn about forum rules, trust flags, merit because Bitcoin should be a main reason you join here.


Title: Re: User account email and password Reset.
Post by: Maus0728 on July 19, 2022, 07:13:24 AM
I have come to realised that account sold out are still stollen back by the seller for the reason being that they have access to the email
Your concern won't be an issue if you are not the person who sells or buys bitcointalk account from some random dude on the internet. In fact, it is their own responsibility to take of their account and distrust those people who are involved in account selling.

Plus, if you really want to avoid your account being stolen or hacked, you need to religiously follow what @tranthidung has mentioned. Create a strong password, stake your bitcoin address, and have an improved OpSec.



Title: Re: User account email and password Reset.
Post by: tranthidung on July 19, 2022, 07:25:42 AM
Create a strong password, stake your bitcoin address, and have an improved OpSec.
I am dumb and did not know what is OpSec.  :-[
OpSec ~ Operational Security, according to Google

I learn a new tech term today.  :P


Title: Re: User account email and password Reset.
Post by: The Cryptovator on July 19, 2022, 07:08:19 PM
Create a strong password, stake your bitcoin address, and have an improved OpSec.
I am dumb and did not know what is OpSec.  :-[
OpSec ~ Operational Security, according to Google

I learn a new tech term today.  :P

You are right,

Quote
Operational security (OPSEC) is a security and risk management process that prevents sensitive information from getting into the wrong hands. Another OPSEC meaning is a process that identifies seemingly innocuous actions that could inadvertently reveal critical or sensitive data to a cyber criminal.

In short words, secure your sensitive information properly and shouldn't be compromised anyway. For example, don't store account credentials on any online device and maintain an offline notebook or something similar. And must need to keep safe places where it wouldn't steal.


Title: Re: User account email and password Reset.
Post by: Benkbeny on July 19, 2022, 09:23:18 PM
I have come to realised that account sold out are still stollen back by the seller for the reason being that they have access to the email
Your concern won't be an issue if you are not the person who sells or buys bitcointalk account from some random dude on the internet. In fact, it is their own responsibility to take of their account and distrust those people who are involved in account selling.

Plus, if you really want to avoid your account being stolen or hacked, you need to religiously follow what @tranthidung has mentioned. Create a strong password, stake your bitcoin address, and have an improved OpSec.

Oh OK. I was thinking my idea is a welcoming one.



Create a strong password, stake your bitcoin address, and have an improved OpSec.
I am dumb and did not know what is OpSec.  :-[
OpSec ~ Operational Security, according to Google

I learn a new tech term today.  :P

You are right,

Quote
Operational security (OPSEC) is a security and risk management process that prevents sensitive information from getting into the wrong hands. Another OPSEC meaning is a process that identifies seemingly innocuous actions that could inadvertently reveal critical or sensitive data to a cyber criminal.

In short words, secure your sensitive information properly and shouldn't be compromised anyway. For example, don't store account credentials on any online device and maintain an offline notebook or something similar. And must need to keep safe places where it wouldn't steal.
Now lemme now clear you the reason why I created this topic.
I came across this topic https://bitcointalk.org/index.php?topic=5405280.msg60587645#msg60587645 on the thread few days ago. I felt the employee that created that account with the company email may still have access to the company password to the email, if this is true then I think there should be alternative for this account email to change for the employee not have full control of the account anymore.
Am sure some users may have also experience cases like. Think about this idea once more if no need then am satisfied


Title: Re: User account email and password Reset.
Post by: logfiles on July 19, 2022, 09:36:13 PM
I created this topic because I have come to realised that account sold out are still stollen back by the seller for the reason being that they have access to the email even though the account buyer change the password to the account still they can still have access but if we can change email connecting our account after is created,

The feature has helped a lot of people recover their accounts which had previously been stolen or hacked. Removing it modifying it will deny the original account hack victims from recovering their accounts.

If one bought an account instead of creating one which is very easy, and the sold account gets regained by the original user, then they have no one to blame except themselves. Why would they buy an account in the first place?


Title: Re: User account email and password Reset.
Post by: Findingnemo on July 20, 2022, 07:49:27 AM
I have Taken my Time to review the forum set up and Discovered the only change that can be made to already created account is password reset.
I am suggesting if we can update the forum set up in a way that users can change the email link to their account. I created this topic because I have come to realised that account sold out are still stollen back by the seller for the reason being that they have access to the email even though the account buyer change the password to the account still they can still have access but if we can change email connecting our account after is created, it can minimize scam or stollen account related cases. This change should only be made accessible for the account owner together with strong password.

Bitcointalk accounts are not made for selling so this isn't going to be feature that everyone needed but you can change your email of your bitcointalk account if you know the password just by Profile= > Account related settings=> enter new email and enter current password and its done.


Title: Re: User account email and password Reset.
Post by: Hyphen(-) on July 23, 2022, 05:20:26 PM
I created this topic because I have come to realised that account sold out are still stollen back by the seller for the reason being that they have access to the email even though the account buyer change the password to the account still they can still have access but if we can change email connecting our account after is created, it can minimize scam or stollen account related cases.
It is forbidden to sell or buy an already build account in this forum.

This change should only be made accessible for the account owner together with strong password.
It's good to have it set up this way because if someone loses his or her account, he or she can still access or retrieve it using the linked email address.
Changing this policy will allow scammers and account hackers to hack some of the forum's most reputable members in order to scam or bring something that will have a significant impact on the forum's reputation. It's not a bad idea, and I believe the email system was designed for such a purpose.


Title: Re: User account email and password Reset.
Post by: khaled0111 on July 23, 2022, 07:21:24 PM
I have Taken my Time to review the forum set up and Discovered the only change that can be made to already created account is password reset.
I am suggesting if we can update the forum set up in a way that users can change the email link to their account.
Unless am reading this wrong otherwise the whole topic seems to be based on a wrong assumption! Because it's possible to change the email address from your account settings. So am not sure what the problem is exactly?
If you sell your account and the new owner changes its password, you can't recover it without knowing the new password even if you have access to the email linked to it.
The new owner can change the email too and all you can do is to lock the account from the link on the notification email you will receive.

It is forbidden to sell or buy an already build account in this forum.
No. Buying and selling accounts is not forbidden according to the forum rules (https://bitcointalk.org/index.php?topic=703657.0). However, it's frowned upon by the community.


Title: Re: User account email and password Reset.
Post by: cryptoaddictchie on July 25, 2022, 05:51:50 AM
Bitcointalk accounts are not made for selling so this isn't going to be feature that everyone needed but you can change your email of your bitcointalk account if you know the password just by Profile= > Account related settings=> enter new email and enter current password and its done.
Yes its not but it can be used to do selling activity such as digital goods and stuff which is allowed in here as long as they are following the rules. Of course with the exception of the bitcointalk account which is highly prohibited activity here.



As far as I know OP email can be changed maybe you arent noticed it, just head to profile section and edit it.