Bitcoin Forum

Other => Meta => Topic started by: Bitsky on June 29, 2012, 08:23:38 AM



Title: Lock old user accounts
Post by: Bitsky on June 29, 2012, 08:23:38 AM
It looks like quite a few members here got scammed by people who managed to get access to abandoned accounts, most likely because they used the same password on multiple sites.
Especially if the accounts belong to users with more than 100-200 postings, others trust them more than newbie accounts, which makes the scam easier to pull off.

There should be a "max days between logins" limit, after which an account gets locked and needs to be manually enabled again by a mod. Either by sending a new password to the registration mail (which could be hacked too however), or by having the member sign a message with the btc address in the sig (if available; perhaps make providing a btc address mandatory), or by giving hints about who they sent PMs to.

If someone doesn't log in at least once every 30-60 days, he hasn't much interest in Bitcoin at all.


Title: Re: Lock old user accounts
Post by: bulanula on June 29, 2012, 12:25:22 PM
> It looks like quite a few members here got scammed by people who managed to get access to abandoned accounts, most likely because they used the same password on multiple sites.
> Especially if the accounts belong to users with more than 100-200 postings, others trust them more than newbie accounts, which makes the scam easier to pull off.
>
> There should be a "max days between logins" limit, after which an account gets locked and needs to be manually enabled again by a mod. Either by sending a new password to the registration mail (which could be hacked too however), or by having the member sign a message with the btc address in the sig (if available; perhaps make providing a btc address mandatory), or by giving hints about who they sent PMs to.
>
> If someone doesn't log in at least once every 30-60 days, he hasn't much interest in Bitcoin at all.

Does not mean that you should lock the account mate.

That is not nice for people that don't even have any idea why the account is locked nor can find out why.

-1 for this policy.


Title: Re: Lock old user accounts
Post by: Kluge on June 29, 2012, 12:38:48 PM
Going by past experience, it is indeed much more likely than an individual's computer/email being cracked that a server's db was accessed without authorization, as happened when MtGox was compromised, and a flood of old users who used the same credentials had their forum account compromised as a result. I would think it reasonable to have them simply sent a confirmation email before being allowed to log in if it has been over 30 days since they last logged in. Simple email verification, minimal headache. ... If it's not too much of a headache to implement.

Identity theft on this forum should be taken very seriously. It should be more stringent than the "typical" forum. She don't look like much, but is competent-enough to facilitate tens of thousands of dollars worth of transactions every week (I'm guessing). After the flood of ID thieves post-Gox-GOXing, I think most members have the sense to check post history to look specifically for when that user last made a post before entering into a transaction, though newbies probably aren't aware. Having one's first transaction be a scam may be enough to push them out of interest in Bitcoin forever.
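The email-confirmation gate suggested in the post above, as an added example that is not part of the thread and not the forum's own code: a correct password on an account idle for more than 30 days is not enough until a token mailed to the registered address is presented. The key, token layout, one-hour lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumptions (not from the thread): 30 days follows the post above; the key,
# token layout and one-hour lifetime are illustrative choices.
DORMANCY_LIMIT = 30 * 86400
TOKEN_TTL = 3600
SERVER_KEY = b"constructed-demo-key"  # placeholder; load from a secret store


def needs_reverification(last_login, now):
    """True when a correct password alone should no longer be enough."""
    return now - last_login > DORMANCY_LIMIT


def _mac(user_id, last_login, expires):
    msg = f"{user_id}|{last_login}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(user_id, last_login, now):
    """Token mailed to the registered address, bound to user, state and expiry."""
    expires = now + TOKEN_TTL
    return f"{expires}.{_mac(user_id, last_login, expires)}"


def verify_token(token, user_id, last_login, now):
    """Constant-time check; binding to last_login makes the token single-use."""
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed token
    expected = _mac(user_id, last_login, expires)
    return hmac.compare_digest(mac.encode(), expected.encode()) and now <= expires


def login(account, password_ok, now, token=None):
    """Returns 'denied', 'verify_email' (show the explanation page) or 'ok'."""
    if not password_ok:
        return "denied"
    if needs_reverification(account["last_login"], now):
        if token is None or not verify_token(
                token, account["id"], account["last_login"], now):
            return "verify_email"
    account["last_login"] = now  # also invalidates any outstanding token
    return "ok"
```

The gate only moves the trust to the mailbox, which is the caveat raised in the opening post about the registration mail being compromised too.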


Title: Re: Lock old user accounts
Post by: Bitsky on June 29, 2012, 12:48:35 PM
> Does not mean that you should lock the account mate.
>
> That is not nice for people that don't even have any idea why the account is locked nor can find out why.
>
> -1 for this policy.
Well, with that tag below your username, I'm not really surprised that you don't like my suggestion.

Of course you can let people know why the account is locked. Just redirect them to a page explaining why and what to do about it when they try to log in.
An email verification or a signed message isn't really that much work if you can't be bothered to log in at least once every month or two.
With such a policy, threads like this one would not exist: https://bitcointalk.org/index.php?topic=86248.msg982776#msg982776
The lender would still have his 55btc.


Title: Re: Lock old user accounts
Post by: bulanula on June 29, 2012, 12:55:23 PM
> > Does not mean that you should lock the account mate.
> >
> > That is not nice for people that don't even have any idea why the account is locked nor can find out why.
> >
> > -1 for this policy.
> Well, with that tag below your username, I'm not really surprised that you don't like my suggestion.
>
> Of course you can let people know why the account is locked. Just redirect them to a page explaining why and what to do about it when they try to log in.
> An email verification or a signed message isn't really that much work if you can't be bothered to log in at least once every month or two.
> With such a policy, threads like this one would not exist: https://bitcointalk.org/index.php?topic=86248.msg982776#msg982776
> The lender would still have his 55btc.


Very funny personal attack. Locking accounts at random because they did not have time to log in = genius policy.

How about being SMART and not getting scammed like a sheep for a start ?

Anybody not doing due diligence and handing over $$$ to strangers on the Net deserve to be scammed by me.

Use escrow and you are safe ... but some just want / beg to get scammed !


Title: Re: Lock old user accounts
Post by: Stephen Gornick on June 29, 2012, 10:14:29 PM
> It looks like quite a few members here got scammed by people who managed to get access to abandoned accounts, most likely because they used the same password on multiple sites.

If only there was some authentication method that could be used when doing over the counter trading like this.   :D

 - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer
 - http://bitcoin-otc.com/viewratings.php
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication


Title: Re: Lock old user accounts
Post by: Bitsky on June 29, 2012, 10:45:40 PM
> Very funny personal attack. Locking accounts at random because they did not have time to log in = genius policy.
You worked hard to get this tag, along with 22.5btc, so you've got to live with it.
Also the locks won't happen randomly, but after a defined time and with a redirect to an explanation.

> Use escrow and you are safe ... but some just want / beg to get scammed !
So how does an escrow protect you from someone who just keeps the money lent to him?
Like in this case: https://bitcointalk.org/index.php?topic=86248.msg982776#msg982776



Title: Re: Lock old user accounts
Post by: mc_lovin on July 02, 2012, 05:02:50 AM
I would say at the very worst, after an account hasn't been logged into in 3 months, reset it so that they need to do email activation to use the account again...  But even that would be tricky to set up, and I think it should be an opt-in feature instead of default.


Title: Re: Lock old user accounts
Post by: TehZomB on July 02, 2012, 05:52:54 AM
I respectfully disagree.
I was thrilled when I found that, after registering and not using my account here for eight or so months, I didn't have to get out of "newbie jail" (that wasn't a thing when I registered).


Title: Re: Lock old user accounts
Post by: bulanula on July 02, 2012, 05:20:37 PM
> I respectfully disagree.
> I was thrilled when I found that, after registering and not using my account here for eight or so months, I didn't have to get out of "newbie jail" (that wasn't a thing when I registered).

Going by the SKEWED mentality of the "lock user account" supporters in this thread, I would say you are going to scam somebody in the next month.

You are probably not going to scam anyone.

Don't lock any accounts.

How about locking satoshi's account too ?


Title: Re: Lock old user accounts
Post by: Maged on July 02, 2012, 05:50:02 PM
> How about locking satoshi's account too ?
We already have, but for unrelated reasons.


Title: Re: Lock old user accounts
Post by: bulanula on July 02, 2012, 05:57:18 PM
> > How about locking satoshi's account too ?
> We already have, but for unrelated reasons.

What if he decides to come back ?

Seems a bit harsh ... not convinced he really died or something.


Title: Re: Lock old user accounts
Post by: Maged on July 02, 2012, 06:04:21 PM
> > > How about locking satoshi's account too ?
> > We already have, but for unrelated reasons.
>
> What if he decides to come back ?
>
> Seems a bit harsh ... not convinced he really died or something.
He still has his GPG key, as well as at least Gavin's contact information.


Title: Re: Lock old user accounts
Post by: malevolent on July 02, 2012, 08:33:21 PM
> > How about locking satoshi's account too ?
> We already have, but for unrelated reasons.

Are you afraid someone manages to hack into his account (0day exploit in SMF, guesses pwd, whatevah) and impersonate him?


Title: Re: Lock old user accounts
Post by: rjk on July 02, 2012, 11:26:46 PM
> > > How about locking satoshi's account too ?
> > We already have, but for unrelated reasons.
>
> Are you afraid someone manages to hack into his account (0day exploit in SMF, guesses pwd, whatevah) and impersonate him?
That much should be obvious. If he comes back, he could use his GPG key to sign a message asking for his account to be unlocked.


Title: Re: Lock old user accounts
Post by: grue on July 06, 2012, 10:02:46 PM
+1 for email verification
-1 for manual mod reactivation, because it's too much of a hassle
-1 for the BTC address idea, because it links forum accounts to wallets, which may become corrupt, or lost. Not to mention the possible incompatibility with 3rd party clients.

> I would say at the very worst, after an account hasn't been logged into in 3 months, reset it so that they need to do email activation to use the account again...  But even that would be tricky to set up, and I think it should be an opt-in feature instead of default.
That kills the whole point. The purpose is to ensure ignorant users' accounts can't be used by scammers. Do you think ignorant users are going to opt-in to any feature?

> > > How about locking satoshi's account too ?
> > We already have, but for unrelated reasons.
>
> Are you afraid someone manages to hack into his account (0day exploit in SMF, guesses pwd, whatevah) and impersonate him?
This actually happened. That's how the db got leaked.