Why changing the email and the password is so easy !!!!

[longlivecapitalism]

I'm not sure a discussion over whether I am using Bitcoin or not is worth having with a person who doesn't have a phone.

Neither did Satoshi Nakamoto, in this context.  Not that that would matter to one of the ovine imbeciles who exclusively keeps money on exchanges.  Baa, baa.  Do you even know what a private key is?  It is self-evident that you neither know nor care why private keys are important.

Written from my phone  

That’s not something to brag about.  That you think it is, says much about you.  But not as much about you as your attitude about private keys.

The Bitcoin Forum is for users of Bitcoin.  By definition, such people have private keys.  Those who don’t are serfs, living on a master’s estate and at his mercy.  As a serf, you should know your place, and never expect anybody to take your opinion seriously.  How dare you come on the Bitcoin Forum and complain that it’s such an imposition to have a private key?

Well, for starters, I don't care if it's mandatory or not. Which is why I added it as a PS, an afterthought if you will,

Logic failure.  What you said was this:

PS: The phone validation would solve lots of problems with spammers in this forum. Just saying.

How could that even try to solve any spam problems, if it were not mandatory?  I do not expect that spammers would “opt-in”.  Had you been advocating optional SMS “verification”, you would not have suggested it to be an antispam measure.

Mate, are you serious? I have a lot of altcoin wallets, just no Bitcoin wallets. I didn't know it was a prerequisite to have a Bitcoin wallet to be able to regain your account in bitcointalk after someone has hacked it, maybe it should be on the registration page. In fact, even comparing the two, having a bitcoin wallet and a phone number, makes you look like a fool. What percentage of the world population has a Bitcoin wallet and is it bigger than those who have a phone number? Even assuming that because I don't have a Bitcoin wallet I actually keep Bitcoin in exchanges is idiotic since I never even suggested such a thing. Bitcoin is the way to exchange my fiat into altcoins and vice versa but of course, someone so stuck on Bitcoin would never understand that  

Again, my PS was just a suggestion, to be considered. I already told you that. The logic failure is yours. I already told you that linking an account to a phone number would be beneficial to me and many users in here. Just call us dinosaurs for having a phone still, I don't care. The truth of the matter is that this is an easy way to prevent account hacking. Whether it can actually benefit the moderators from lowering the number of spam accounts, requires a bigger conversation. I believe it can. But I am talking about two separate things here and there's a reason I suggested it as an afterthought, which you just don't want to or cannot understand. That's okay. Not everyone can understand the way I'm thinking  

"The Bitcoin Forum is for users of Bitcoin"

That's a load of crap and you know it. Just check the number of posts in the altcoins section. I don't come here to read news and analysis about Bitcoin, I come here for the altcoin section. And if there was a way to make a poll about the reasons people are in this forum, you'd see that despite the name, people come here for different reasons than that. Only people who have yet to scratch the surface of this forum think that all these users come here because of Bitcoin. Are you one of these people  

Edit: LoyceV, I will give some thought to your suggestion on the matter of the paper wallet. However, I believe that a forum such as bitcointalk should offer its members some sort of extra protection. I've been in forums that have 2FA as an option and they're definitely smaller than this one, so I don't know what the big deal is about doing this or having the option (again, I'm suggesting it to be optional) to link your phone number to your account to make sure it's not easily hackable.

[trankil_]

1- Improve the bitcointalk account security using email verification when anyone login with a new device into the account.
2- Add a phone verification in case of login with a new device.
3- Add a new procedure for recovering a hacked account that doesn't take too much time.

i can be more agree than that

you can add this option too :

 delete the personal security question , because even if we answer correctly to this one, we are locked for manual review.... and we wait we wait we....

like me here https://bitcointalk.org/index.php?topic=2851296.0

[al1n]

Forum was created in a period when bitcoin was probably the only coin available. That times are over.
Most of the people nowadays use bitcoin (if they even use it, because there are other alternatives)
only as a meaning to an end: to convert altcoins into fiat. And for that you don't even need a personal wallet,
the one(s) from exchange(s) is(are) more than enough for the purpose. Asking for a signed message with
bitcoin address as the only way to be able to recover an account seems rather archaic and leave a lot of people without a real option.

2FA is the way to go. It doesn't need to be phone connected, there are plenty of other alternatives.
Any TOTP code can be obtained on any computer as long as seed is known; you don't need a phone for that.
Also asking the user for confirmation before doing a critical change to the account should be mandatory.
That means at least sending a mail with a confirmation code. That's minimum security, any site has such an option implemented.

[longlivecapitalism]

Forum was created in a period when bitcoin was probably the only coin available. That times are over.
Most of the people nowadays use bitcoin (if they even use it, because there are other alternatives)
only as a meaning to an end: to convert altcoins into fiat. And for that you don't even need a personal wallet,
the one(s) from exchange(s) is(are) more than enough for the purpose. Asking for a signed message with
bitcoin address as the only way to be able to recover an account seems rather archaic and leave a lot of people without a real option.

2FA is the way to go. It doesn't need to be phone connected, there are plenty of other alternatives.
Any TOTP code can be obtained on any computer as long as seed is known; you don't need a phone for that.
Also asking the user for confirmation before doing a critical change to the account should be mandatory.
That means at least sending a mail with a confirmation code. That's minimum security, any site has such an option implemented.

Friend, if I had a merit I would have given it to your post 

[LoyceV]

Edit: LoyceV, I will give some thought to your suggestion on the matter of the paper wallet. However, I believe that a forum such as bitcointalk should offer its members some sort of extra protection.

A staked address is a very easy method to offer this protection, although I do agree account recovery often takes too long.

Also asking the user for confirmation before doing a critical change to the account should be mandatory.
That means at least sending a mail with a confirmation code. That's minimum security, any site has such an option implemented.

I've had most of my forum accounts longer than most of my phone numbers and email addresses, and this forum account has already outlived at least 2 of my phones (although not my phone number). I consider losing my phone much more likely than losing access to my account, and in that case it will only lead to more support requests.

[al1n]

I've had most of my forum accounts longer than most of my phone numbers and email addresses, and this forum account has already outlived at least 2 of my phones (although not my phone number). I consider losing my phone much more likely than losing access to my account, and in that case it will only lead to more support requests.

That's now what I tried to say. I'm simply asking that before you can change a critical part of your account (like email or password), you should receive an email at the current email address and you have to confirm that you really are the person who initiated the change. That means to click on a link or get a confirmation code in the email. Without using that link or confirmation code you should not be able to make the change you want. Of course it is possible that you don't have access anymore to the current email address, so an alternative way of confirmation should be available (a second email, sms, phone call, 2FA code). Sms or voice call are not something that some people would want for lack of anonymity, but the other 2 can be safely used from this point of view.

[longlivecapitalism]

Edit: LoyceV, I will give some thought to your suggestion on the matter of the paper wallet. However, I believe that a forum such as bitcointalk should offer its members some sort of extra protection.

A staked address is a very easy method to offer this protection, although I do agree account recovery often takes too long.

Also asking the user for confirmation before doing a critical change to the account should be mandatory.
That means at least sending a mail with a confirmation code. That's minimum security, any site has such an option implemented.

I've had most of my forum accounts longer than most of my phone numbers and email addresses, and this forum account has already outlived at least 2 of my phones (although not my phone number). I consider losing my phone much more likely than losing access to my account, and in that case it will only lead to more support requests.

It's the opposite for me. I still keep my first e-mail address, although now I have others, and my phone, even though it's obviously not the same device, still has the same number that I had in middle school, which was ages ago 

Which is why I don't understand why it's an inconvenience to have your account linked to your phone number. I've lost phone devices and then I went with my ID to my cell provider and simply got a new SIM card with the same number and a new phone. It's certainly easier than asking some moderator to recover my account and wait for I don't know how long for this process.

Now, 2FA, that can be a tricky one if you use Google Authenticator. I haven't lost a device recently, but I know that if you lose your phone which has the 2FA app, you're screwed. But there are other 2FA apps out there.

Which is why I think that the best solution is to simply verify via SMS and link the account that way. Again, because some people don't listen, I think that this should be an option and not mandatory. When I referred to it as a solution to spamming I was talking about another thing entirely which would require a much bigger conversation and frankly, I don't care much to have it. I'm lazy 

[LoyceV]

Which is why I think that the best solution is to simply verify via SMS and link the account that way.

This totally ignores one of the most important arguments against it: privacy! At best, I could use a prepaid number, which means I have to add balance at least twice a year. If I forget it, I lose the number, and thus access to my account.

[al1n]

Just remember one thing: high rank account in this site means money. We can debate this as much as you like, but this is the reality.
High rank accounts are monetizing their position and some of them gain quite a lot from this forum.
So security must be increased. Having only a user/password pair is way to less for current online security.
You don't like a phone number, that's fine. i wouldn't choose such an option either. But something must be done.
I said 2FA, there are concerns about google authenticator, but there should not be. You don't need a phone to generate google codes.
If needed I can explain how you can do it without a phone or how to recover seed codes from google authenticator app  on android.
I'm quite sure there are other possibilities too, only the will to implement them is required.

[longlivecapitalism]

Which is why I think that the best solution is to simply verify via SMS and link the account that way.

This totally ignores one of the most important arguments against it: privacy! At best, I could use a prepaid number, which means I have to add balance at least twice a year. If I forget it, I lose the number, and thus access to my account.

Well, then this is not for you like I don't feel like staking my Bitcoin address would be something that would be beneficial to me. Especially if I have to wait for long periods of time for my account to be reinstated. But I believe that lots of users in this forum would be relieved to have that option. You want to remain completely anonymous, okay, I get it. I'm not suggesting a mandatory security measure here. I'm suggesting an option that would benefit me as many other users who prefer to lose part of their anonymity in favor of not losing their account and frankly, I don't know why we keep circling back to the issue of anonymity here. Privacy should be people's right, and to me this means they should be able to give some of it away if they wish in exchange for something more beneficial to them.