Not entirely true. My method for time travel requires that I need an active Multidimensional Energy Radiating Interwarp Triphasic Chronon Linking Universal Beacon to jump back to. Since I didn't establish the first one of
these until I was 6 years old, I can't travel back to my early childhood.

Perhaps next time you are jumping back to the 1800s or so, I could give you one of my MERITCLUB transponder units to take back with you?

Another +1 for Ledger here. Last year's Black Friday deal was 50% off, so although it is good to get your crypto off of an exchange/software wallet and on to a hardware wallet as soon as practical, it might be worth holding on a few weeks. It works beautifully with both Bitcoin and Monero.

You can use Ledger Live for Bitcoin, but I would suggest pairing the Nano S to Electrum instead for increased functionality.

Ledger Live does not support Monero, but the Nano S works well with both Monero's GUI and CLI wallets, although these are both desktop only. Obviously the GUI wallet is going to be easier to use unless you are already familiar with using command line interface. You can get these wallets here: https://web.getmonero.org/downloads/.

Apparently Monerujo (a mobile Monero wallet) is compatible with the Nano X, but not the Nano S. I've never used this wallet personally so can't vouch for it.

It sounds interesting, I'll bookmark this thread to come back to it when it is up and running to check it out. If it gets popular, you are going to have to deal with a lot more traffic than the 20 or so users who have clicked on this thread would generate though.

My only concern from your initial post is this feature:
The "Whale Alert" account on twitter which essentially does what you are describing here is panic-inducing nonsense. 99% of the trades it reports are exchanges (or other services such as web wallets or casinos) either moving from hot wallets to cold wallets, cold wallets to hot wallets, or sometimes cold wallets to new cold wallets. The small number of trades that are actually from individuals are almost always them also moving funds between wallets. The very rare times that one of these alerts is an individual making a trade, it is always OTC. Despite all this, every time they put out a tweet, there are users on here, on reddit, on twitter, who panic that the market is about to "crash". During Coinbase's upgrading of their cold storage last year, despite announcing it beforehand, making blog and twitter posts updating people to how it was going, and the addresses involved all being clearly linked to Coinbase, "Whale Alert" still managed to panic a bunch of newbies in to selling their weak hands.

If you are going to implement a feature like this, could you at the very least use the list of exchange addresses from walletexplorer.com or similar so you can ignore movements which clearly will have no effect on the market?

You can see on etherscan that your token has the symbol [SWIPE], while the one they are trading has the symbol [SXP], which is clearly displayed in the picture the rep sent you. If you visit the page for [SXP] here (https://etherscan.io/token/0x8ce9137d39326ad0cd6491fb5cc0cba0e089b6a9#tokenExchange), it shows that it is being traded on Bithumb. If you visit the page for [SWIPE] here (https://etherscan.io/token/0x13d71cfc90a83cd1cc0e59675c3f4b90d4162a8b), you can see it isn't listed on any exchange.

Bithumb have a post here (https://support.bithumb.pro/hc/en-us/articles/360035860594-Bithumb-Global-SXP-Listing-Sep-25-2019) announcing their support for [SXP], which quite clearly shows it is a different token to the one you sent.

The only place I can find which is trading your [SWIPE] tokens is Binance DEX. There has only ever been a single trade, and the next buy order at 0.00004 BNB values your tokens at $0.0007 or 0.07 cents each: https://www.binance.org/en/trade/SWIPE.B-DC0_BNB

The [SXP] token on Bithumb is trading at around $2 each, with a 24h volume of around $38 million between the BTC and USDT markets: https://www.bithumb.pro/en-us/spot/trade;symbol=SXP_USDT

These two projects are massively different, and similar only in name. If you aren't aware if the token you are holding is worth 2 dollars or less than one tenth of a cent, you probably need to spend a bit more time researching before you buy/sell/trade/send your tokens anywhere.

The fault for this lies squarely on you, I'm afraid. It would be nice for Bithumb support to be more helpful in trying to return your funds, but at the end of the day your 2,100 tokens are worth about $1.50, so I wouldn't be holding your breath.

It obviously has nothing to do with protecting customers. It is entirely to protect themselves. As you say, sending my KYC to a total stranger doesn't offer me any protection at all. It offers them protection when the government comes knocking and demands proof that they aren't facilitating money laundering, or demands records so they can start harassing people for taxes.

Then you would be shut down, along with every other centralized exchange which doesn't sell out its users to the government. If you want to avoid KYC, trade peer-to-peer on a DEX.

Pretty much. If you have your identity stolen, have thousands of dollars of debt racked up in your name that isn't yours, get a criminal conviction for something you didn't do, do you think the government is going to help you? Of course not. You will have to pay thousands for lawyers to sort it out. The government doesn't care about. All they care about is getting their hands on your money.

Ranks don't have any relationship with trust. Have you read the 20 or so replies to your initial post? No one equates rank with trust. Literally every post is saying that rank means nothing in terms of trust.

What connection is there between "Full Member" and any jurisdiction? I have no idea what you are talking about. And you seem to still be proposing that Full Member should only be for users who undertake KYC? Not only would that never happen, but it would kill the forum overnight. The only people willing to undertake KYC just to post are bounty spammers.

Email should never factor in to your 2FA set up, either as 2FA itself (click a link on the email we send you, for example), or as a back up to your 2FA app or codes.

The whole point of 2FA is to be two separate, independent factors. If you are using your email as a login, then chances are you can reset your password via email. If you can also access/transfer/reset your second factor via the same email, then you no longer have two factors, you have one. If someone who gains access to your email can break both your factors, then that's not 2FA.

Accounts which have been active for a long time, and are therefore higher rank, are more likely to have built up a good reputation than a newbie account. Conversely, simply being active for a long time doesn't automatically mean more trustworthy. So although highly trusted accounts are more likely to be highly ranked, higher ranks aren't inherently more trustworthy.

I'm sure that suggestion has nothing to do with your inability to rank up above Full Member.

Absolutely not:

So we shouldn't be teaching newbies about best security practices because they are difficult? Just let them use insecure methods because they're easier? I don't think so.

Downloading and using a single authenticator app is hardly challenging. I stand by my original point: Of the commonly offered 2FA methods - SMS, email, app, hardware keys - SMS is by far the least secure. Just as we shouldn't be encouraging anyone to leave their coins on an exchange because it's "easier", we shouldn't be encouraging anyone to use SMS 2FA, and those who are should be encouraged to upgrade to an authenticator app.

SMS is a very insecure method of 2FA, and if you have an app which is using it, I would suggest either disabling it (if you can) or changing app altogether. It is relatively easy (certainly easier than most other forms of phishing or hacking) for an attack to learn enough about you through social media or similar to phone your mobile company and convince them they are you, and to move your number to a new SIM. Once they do so, they can use that to reset passwords or in this case use 2FA for whatever you have linked.

See my reply here. As long as you encrypt the app with a password before you back up, it seems the backup will be similarly encrypted with the same password.

OP, can you lock the thread please? Seems the Cryptotalk spammers have arrived to just repeat what has already been said.

I would like banks to offer 2FA for fiat for a start. As it stands I could (I don't, but I could) log in to my online banking using just a password of 7 letters and 1 number, and access my banking app on my phone with either finger print or facial recognition. I've set them both up to require both a much better password as well as a PIN to access, and disabled all biometrics, but it is worrying that they even offer this, since I bet the majority of the average population are more than happy to protect their life savings with facial recognition or something equally insecure. Proper 2FA to both access as well as make any transfers or withdrawals would be nice.

I do agree with you though, and I'm sure when bitcoin goes mainstream and we start seeing JPMorgan, HSBC, ICBC bitcoin accounts, the vast majority of people will be more than happy to ignore the entire point of bitcoin and let the banks hold their coins for them.

You don't have to list every board individually; you can also use categories (by using "c=" instead of "boards=")

For example, for all bitcoin boards, instead of going to https://bitcointalk.org/index.php?action=recent;boards=1,74,77,86,87,6,37,98,100,138,97,231,261,14,40,41,42,76,81,4,12, you can just go to https://bitcointalk.org/index.php?action=recent;c=1.

The categories are as follows:

1 = Bitcoin
3 = Economy
4 = Other
6 = Alternate cryptocurrencies

2 is hidden to standard members, and 5 is all local boards together which is obviously useless to anybody who doesn't speak 10+ languages.

I've not figured out a way to use categories and boards at the same time though.

You can also find a list of all boards and their numbers here: https://bitcointalk.org/index.php?topic=5115990.0

Do people not write down the codes? Every website you activate 2FA on should provide an alphanumeric code alongside the QR code which you can copy down. If they don't provide a code, good 2FA apps will turn the QR code in to an alphanumeric one after you scan it.

I have a strong dislike of backing anything up on cloud servers or non airgapped machines, even if encrypted. I have my 2FA database (encrypted) backed up on an airgapped device, but I also have all my codes written down on paper and stored much like my mnemonic phrases (albeit separately).

Exactly. The only reason Craig Wright is still pushing his ridiculous and blatantly false narrative is because people keep talking about him. There are loads of people out there who claim to be Satoshi with no evidence, but nobody knows about them because we don't talk about them. It's a self fulfilling cycle. If we could all just ignore him like we do with other frauds, he would cease to keep popping up all over the place. Just let the courts clear him out.

I had never heard of this conference, and yet here I am reading a post about it which wouldn't have been made if CSW wasn't invited. He has achieved his purpose of stirring up some attention.

Still, a conference with known scammer Ver, known scammer McAfee, and known scammer CSW as the keynote speakers. I'm sure it must have been incredibly interesting - really sad I missed it! /s

Have you tried using a different authenticator? Many websites, including some that I use with andOTP, say the user needs to use Google Authenticator, but work just fine with other authenticators.

The algorithm is the same. The website provides a shared secret key, which you scan in the form of a QR code when you set it up for the first time. The authenticator uses that key, along with the current time, to generate a code. The website does the same thing to see if the code matches.

So don't download from unofficial sources. Problem solved.

This is a flawed argument I'm afraid. Windows is far more widely used than Google Authenticator. So is iOS. So is Android. So is Chrome, and Firefox, and Edge, etc, etc. All of these have been subjected to very bad security breaches and exploits. Widely used does not automatically mean safe.

No problem, glad to help.

Pretty much. They may have a couple of main wallets, and go back and forth between hot and cold wallets, but this is essentially the principle.

If you use any third party service, (mixer, VPN, email client, etc.) you have no way of knowing for sure exactly what logs they are keeping. The difference is that exchanges are legally required to keep logs and hand them over to the government. ChipMixer states that all logs are deleted once your seasion ends, and there has never been anything to suggest otherwise.

That's only fair she hands all that back. After all, it was all paid for illegally by using clients' funds. It doesn't even come close to the $150 million-ish that is still outstanding, though.

Given the volume of bitcoin and other crypto that "went missing" or is "inaccessible", do we believe that she doesn't own any at all? The list of assets she is keeping doesn't mention crypto at all. Given how scummy Gerald Cotten was, I'd be surprised if he hadn't stashed some away for his wife somewhere.

Every 2FA works everywhere. The site has no idea if you are scanning the QR code with Google, Authy, andOTP, Aegis, or any other app. Hell, you could be writing down the shared secret and calculating your code by hand if there wasn't a time limit. The website doesn't know. All it cares about is the code you return.

Open source doesn't mean anyone can edit it and push changes to the app stores. It means anyone can view the code and suggest changes. Changes still have to be agreed upon by the developers, and the community will see these changes before it goes live. Compare that with Google Authenticator which could have any code added to and everyone would be none the wiser. Just because it is released by Google doesn't automatically make it more trustworthy; in fact, I would trust it less. Google Authenticator also hasn't been updated in over 2 years. Not great.

It works, sure, but it is the bare minimum. There is no way to export or back up your database. You can't encrypt or password protect access to it. Not to mention everything owned or developed by Google is spyware. It is a poor choice.

See my first paragraph in this post and my previous post. Every 2FA app will work on every site.

Regardless of which 2FA app you are using, you should still be writing down the back up codes given by each site on to paper and storing them securely, much like a mnemonic phrase.

You are correct. Even sites which specify "Download the Google Authenticator app" (which unfortunately many sites do), will still work just fine with a different 2FA app.