|
Title: What if I don't change my Password? Post by: faceplantz on October 16, 2014, 02:04:22 AM Bitcointalk Forum has this on the news:
"Due to a recently-discovered flaw in the TLS and SSL protocols, you may want to change your password, especially if you accessed the forum using Tor." What will happen if I will not change my password? Title: Re: What if I don't change my Password? Post by: BadBear on October 16, 2014, 05:55:37 AM If someone else got it using the vulnerability, they'll change it for you, and good luck getting the account back. Other than that, nothing.
Title: Re: What if I don't change my Password? Post by: TheButterZone on October 16, 2014, 06:05:14 AM Let's all just change our fucking passwords every day until the forum fucking gets modified to OTP-based authentication a la https://github.com/nanotube/supybot-bitcoin-marketmonitor
Title: Re: What if I don't change my Password? Post by: haploid23 on October 16, 2014, 06:54:27 AM What will happen if I will not change my password? Then you die. Title: Re: What if I don't change my Password? Post by: Vortex20000 on October 16, 2014, 07:06:59 AM What will happen if I will not change my password? Then you die. Title: Re: What if I don't change my Password? Post by: sgk on October 16, 2014, 07:10:21 AM Bitcointalk Forum has this on the news: "Due to a recently-discovered flaw in the TLS and SSL protocols, you may want to change your password, especially if you accessed the forum using Tor." What will happen if I will not change my password? http://t.qkme.me/3tdarr.jpg Title: Re: What if I don't change my Password? Post by: Somekindabitcoin on October 16, 2014, 07:14:58 AM If you don't change your password, worst case scenario is if you use the same password for the email you signed up with, your email will be hacked. If you also signed up for different online wallets using the same email, they could simply recover the account, change all the info so you can't get into your email and throw all your bitcoins in a mixer and you'll never see them again.
The best case scenario is that they take your account and you didn't sign a PGP key with your Bitcoin address or haven't referenced an owned bitcoin address and therefore, it would be unrecoverable. BadBear only recovers if you could sign a message with an address you've previously used before. Title: Re: What if I don't change my Password? Post by: Vortex20000 on October 16, 2014, 07:20:11 AM Bitcointalk Forum has this on the news: "Due to a recently-discovered flaw in the TLS and SSL protocols, you may want to change your password, especially if you accessed the forum using Tor." What will happen if I will not change my password? http://t.qkme.me/3tdarr.jpg Title: Re: What if I don't change my Password? Post by: 1Referee on October 16, 2014, 10:59:43 AM Bitcointalk Forum has this on the news: "Due to a recently-discovered flaw in the TLS and SSL protocols, you may want to change your password, especially if you accessed the forum using Tor." What will happen if I will not change my password? Don't be lazy and just change your password, although I don't think a hacker would waste his time on hijacking a newbie account :D Changing password will take you only a minute.... Title: Re: What if I don't change my Password? Post by: MadGamer on October 16, 2014, 06:41:19 PM Didn't understand most of that message anyway but when It mentioned Tor ... I just passed because I don't use that browser , should I change my pass anyways ? :-[
Title: Re: What if I don't change my Password? Post by: Simon8x on October 17, 2014, 08:43:04 AM Didn't understand most of that message anyway but when It mentioned Tor ... I just passed because I don't use that browser , should I change my pass anyways ? :-[ Even if you didn't use Tor, your ISP or proxy server could also steal your password. Should we consider PIA to be an untrusted proxy, or should be generally be safe with them? So only "untrustworthy ISP" and TOR users are affected, everyone else safe? I hate changing PW's. More susceptible to forget them. You'll have to use your own judgement on that. Do you trust that your VPN/ISP didn't use this attack against you to steal your password? Some things to know: - It's an active attack, so if your ISP was just recording traffic, this wouldn't help them now. - If you didn't actually use your password to log in within the last couple of days (ie, not just logging in using "remember me"), then your ISP only could have stolen your password if they'd known about the vulnerability before it was publicly announced. |
