|
Title: Suggestion: bitcoin address as added security feature for accounts Post by: qwk on September 10, 2013, 11:04:37 PM Someone suggested on an other thread that email address changes be subject to confirmation by the original email address:
https://bitcointalk.org/index.php?topic=291552.0 While this may be a good idea for most use cases, in case of a "lost" email address that might lock somebody out of his own bitcointalk.org account. I thought about it and asked myself: Wouldn't it be nice (™ The Beach Boys) if we could add a private key as a security feature? I.e. changing your email address or password could require a message signed with your private key or something similar. Maybe as an opt-in security feature for experts, since not everybody may be able to handle that. Edit: changed private key to address in title. I obviously want to keep my private Title: Re: Suggestion: private key as added security feature for accounts Post by: DeathAndTaxes on September 10, 2013, 11:07:02 PM Could just use a bitcoin address or PGP public key. This provides the site with "proof" of the request and authentication as well. Essentially if your PGP key or wallet is compromised it is your fault and the site can prove so.
Title: Re: Suggestion: private key as added security feature for accounts Post by: Boxman90 on September 10, 2013, 11:11:18 PM An extra layer of security by means of proving ownership of a BTC address controlled by the user, for any security-related action (password change, email addrss change), seems like a very elegant solution. Especially for this forum.
Probably should make it optional (but urgently recommended upon registering) because true noobs usually don't have a BTC address yet. It's a very good improvement on the initial idea of verification-by-email, I guess. Title: Re: Suggestion: private key as added security feature for accounts Post by: qwk on September 10, 2013, 11:13:10 PM Could just use a bitcoin address or PGP public key. This provides the site with "proof" of the request and authentication as well. Essentially if your PGP key or wallet is compromised it is your fault and the site can prove so. That's actually what I meant, should have written address instead of private key. Going to revise the title. :) Title: Re: Suggestion: bitcoin address as added security feature for accounts Post by: Kouye on September 10, 2013, 11:58:37 PM Looks like a good option to me.
Make it impossible to change password or email address unlesss we send a captcha result signed with a "id" address, mandatory to register. No, it does not jeopardize your privacy, it is just a single-shot-sign-up address. No transaction to be expected on that one. Title: Re: Suggestion: bitcoin address as added security feature for accounts Post by: TheButterZone on September 11, 2013, 07:07:50 AM Concur.
Title: Re: Suggestion: bitcoin address as added security feature for accounts Post by: greyhawk on September 11, 2013, 08:43:45 AM theymos basically says in the new forum software this will be an option. I wonder if BFL is developing this mythical new forum software. Title: Re: Suggestion: bitcoin address as added security feature for accounts Post by: TheButterZone on September 11, 2013, 09:25:43 AM https://bitcointalk.org/index.php?topic=276512.0
https://bitcointalk.org/index.php?topic=50617.0 Title: Re: Suggestion: bitcoin address as added security feature for accounts Post by: greyhawk on September 11, 2013, 09:39:40 AM https://bitcointalk.org/index.php?topic=276512.0 https://bitcointalk.org/index.php?topic=50617.0 I'm aware of that. This was the last anyone ever heard of "Syphor Software" Quote Due to all the feedback we have received, we are sad to say that the beta release will be pushed back to Monday August 26 in order to give our team members more time to redesign our UI to reflect the feedback we received from our previous mockup screenshots. We hope you partake in our beta and help us make software that is optimized to what the community would like to use. |