Bitcoin Forum

Other => Meta => Topic started by: luicon2 on November 23, 2017, 03:23:04 PM



Title: This forum needs mail interaction for extra safety...
Post by: luicon2 on November 23, 2017, 03:23:04 PM
I don't understand how anyone can change the password of an account without being asked for a mail link confirmation.

I just changed the password on another server and they do ask you to click a link in the mail for confirmation.

A lot of hacks could have been avoided with just this extra measure. I am so pissed off that a scumbag stole my account.

To lock the account it does send a confirmation to the mail, however! Damn it.

Such a high volume of posts in this super big forum should return better security measures...


Title: Re: This forum needs mail interaction for extra safety...
Post by: Welsh on November 23, 2017, 04:04:36 PM
Could you refrain from posting multiple threads about the same subject? You need to recover the account via a signed message, if you haven't got an address in which you can do that then that's your own security mishap as this has been an accepted practice for a long time now.


Title: Re: This forum needs mail interaction for extra safety...
Post by: luicon2 on November 23, 2017, 04:26:52 PM
Could you refrain from posting multiple threads about the same subject? You need to recover the account via a signed message, if you haven't got an address in which you can do that then that's your own security mishap as this has been an accepted practice for a long time now.

I just suggested some changes that might free the admins from work and increase the forum security.

I find it makes no sense to only allow someone to recover his account if he posted a bitcoin address he can sign with.
You only find out this is needed when you have already lost your account.
You don't receive any mail saying "hey, remember to put a bitcoin address somewhere just in case someone hacks your account".

That's a nonsense rule. I can prove in several ways that are impossible to fake, and by common sense, that I am the owner of the account. If the admin
just wants to allow a signed bitcoin address because he has no time to lose checking extra proofs, then that's pretty sad..

I had this problem for using a stupid password, my fault; in 5 years no problem anyway, but some scumbag probably used a bot, started trying common passwords over random nicks in the forum and I got in.

Even if I had a better password, that doesn't hide the poor security this forum has when changing passwords and mails.
If we increase the security with extra common-sense steps (mail link confirmation), the number of hacked accounts will drop, and the admin work will decrease too.

So that's why I opened this thread, to suggest changes that will make this forum better.
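
The mail-link confirmation suggested in the post above, as an added example (not part of the original post and not the forum's own code): a password change is only staged, and takes effect once a token mailed to the address on file is presented. The account dictionary, `SERVER_KEY`, `TOKEN_TTL` and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-secret"  # assumption: per-site secret key
TOKEN_TTL = 3600                         # assumption: link valid for one hour


def _mac(account, new_hash, expires):
    # Bind the token to the account, its *current* password hash and the
    # staged new hash, so it cannot be reused for another change.
    msg = "|".join([account["id"], account["pw_hash"], new_hash, str(expires)])
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def request_change(account, new_hash, now=None):
    """Stage a password change; return the token to mail to the address on file."""
    now = int(time.time()) if now is None else now
    expires = now + TOKEN_TTL
    account["pending"] = {"new_hash": new_hash, "expires": expires}
    return f"{expires}.{_mac(account, new_hash, expires)}"


def confirm_change(account, token, now=None):
    """Apply the staged change only if the mailed token is valid and unexpired."""
    now = int(time.time()) if now is None else now
    pending = account.get("pending")
    if pending is None:
        return False
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    if expires != pending["expires"] or now > expires:
        return False
    expected = _mac(account, pending["new_hash"], expires)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    account["pw_hash"] = pending["new_hash"]
    del account["pending"]
    return True
```

Someone who only knows the password can stage a change but cannot complete it without access to the mailbox; the old password hash stays in force until `confirm_change` returns `True`.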



Title: Re: This forum needs mail interaction for extra safety...
Post by: SureLockLoans on November 23, 2017, 04:33:38 PM
PGP or signing an address is one of the best ways to recover anything and that's why PGP is used in proving you are who you say you are. Signing a bitcoin address is the same and it's why so many escrows sign an address that they control.


2FA authentication has been suggested too and will be part of the feature list of the new forum but I think that's using bitcoin addresses and signing too.


Title: Re: This forum needs mail interaction for extra safety...
Post by: luicon2 on November 23, 2017, 04:43:20 PM
PGP or signing an address is one of the best ways to recover anything and that's why PGP is used in proving you are who you say you are. Signing a bitcoin address is the same and it's why so many escrows sign an address that they control.


2FA authentication has been suggested too and will be part of the feature list of the new forum but I think that's using bitcoin addresses and signing too.


I am sure it's a nice way to prove it, but no message alerts you to post an address and save the private key since it will be needed in case of recovery.
So what if you don't have any bitcoin address posted? I am pretty sure there are tons of people who never posted any address because they had no need to.

Also, it doesn't change the fact that security measures in the forum are very low, and you must wait months before the admin answers you in case of a hack.

The security on the forum and the recovery path just make no sense.

Asking for a signed message should rather be an extra last step, not the single one.

That's an objective point of view.