Authorize log-in attempt by e-mail - Bitcointalk account

[bitmover]

Hello,

Everyday we see new topics where people complain about their hacked accounts.

As most people here earn money with their accounts, everyone should worry about account security.

Now with the implementation of the merit system our accounts are even more valuable since our hard earned merits are even more valuable than most altcoins people get from bounties.

I saw that there are already many threads asking for 2FA on your Bitcointalk. For some reason it has never been implemented.
But there are other mechanisms to increase security that can be implemented in our forum.

My suggestion is simple:
Implement a log-in authorization by e-mail every time a different IP try to login in your account.

When you try to login to your account in a different computer or network you will receive a message: "Check your e-mail to approve login attempt."

I think this simple implementation can avoid most of the related problems with hacked accounts.

Many exchanges and webwallets already use this method, so most people are quite familiar with.

What are your thoughts?

[godzillarekt007]

I like the idea a lot, it reminds me of how Bittrex does it when you sign in from different IP. Added bonus is because we don't have 2FA we won't have to type that code in several times before entering. 2 thumbs up idea, great way to increase security!

[hilariousandco]

There is already an authentication email sent once you try reset the password and/or change your email.

[bitperson]

Implement a log-in authorization by e-mail every time a different IP try to login in your account.

No! I use Bitcointalk from all over the place, so I would have to deal with such messages constantly. Sites that use them typically send them from spammy networks, so I usually have to grep through spam filter logs to find them. This is a great forum, but having to go through that kind of trouble would be too much.

[bitmover]

There is already an authentication email sent once you try reset the password and/or change your email.

Thanks, I was not aware of that, as I never tried to change those.
I think it does the job.

[Welsh]

I think it's best left how it is right now. Only sending notifications when details are changed on the account. Requiring a authentication email every time you log in would become very tedious. If it was optional then that would probably suit those who want extra security and those who want ease of access and not jump through loop holes every time they want to log in.

[Lesbian Cow]

There is already an authentication email sent once you try reset the password and/or change your email.

How about offering 2fa on log in as a user opt in?   

[actwo]

There is already an authentication email sent once you try reset the password and/or change your email.

A hacker changed my password then my email address with out access to my email. I have sent you an PM with proof of my identity.

Thank you

[jhenfelipe]

Implement a log-in authorization by e-mail every time a different IP try to login in your account.

If there will be several options, authorization before the account will be accessed using a different device would be good too imo. A bit hassle only to those who don't have their own device to open bitcointalk.

There is already an authentication email sent once you try reset the password and/or change your email.

As announced by theymos here https://bitcointalk.org/index.php?topic=2282758.0 (if someone wants to look for it)

[AzureDragon]

It seems to me that in such circumstances the developers of the forum have to seriously think about the introduction of two-factor authorization.

[hilariousandco]

There is already an authentication email sent once you try reset the password and/or change your email.

A hacker changed my password then my email address with out access to my email. I have sent you an PM with proof of my identity.

Thank you

Then you should have received en email where you can lock the account. I can't do anything about restoring accounts so you'll need to PM an admin but if you haven't got a valid signed message you might as well forget about it because even accounts with them are taking months to be restored if they're being restored at all.