bitcointalk.org email change

[PhoneBloks]

I noticed that when I try to change e-mail, all I need to do is enter forum password. I found this very weak, I would recommend add security measure that if user wants to change his e-mail, confirmation e-mail will be sent to current! e-mail ...

This will help recover bitcointalk account in case it is hacked... if hacker has forum password, he wont be able change e-mail and take full control over account.

What do you think moderators ? Is it possible add such feature ? ... It is technically possible ...but is there will add it ? I personally would be very thankful for such feature.

[pekv2]

Like a confirmation through email first, PW and email change. Or put a lock down lock on it to lock it "forever". Like bitcoin addy at mining websites.

[PhoneBloks]

Like a confirmation through email first, PW and email change. Or put a lock down lock on it to lock it "forever". Like bitcoin addy at mining websites.

Yes something like that but if there will be option "lock down" and forever ... imagine that user doesnt have this option checked and his account is hacked and new owner (hacker) will enable it

So i would prefer email confirmation if user want to change his email

[sumana]

also it should email abt change of email to old email once IMO

[pekv2]

Like a confirmation through email first, PW and email change. Or put a lock down lock on it to lock it "forever". Like bitcoin addy at mining websites.

Yes something like that but if there will be option "lock down" and forever ... imagine that user doesnt have this option checked and his account is hacked and new owner (hacker) will enable it

So i would prefer email confirmation if user want to change his email

Well see it could go like this. Confirmation to email for pw change, email change and email lock forever. Click verification link in email todo either three of these would eliminate a cracker from doing major damage to your account, like locking email, changing pw or even changing email. Everything should be done through a confirmation email verification link. And if the verification link is not activated, it would expire the verification link within 3 hours or even one hour should do.

[PhoneBloks]

Like a confirmation through email first, PW and email change. Or put a lock down lock on it to lock it "forever". Like bitcoin addy at mining websites.

Yes something like that but if there will be option "lock down" and forever ... imagine that user doesnt have this option checked and his account is hacked and new owner (hacker) will enable it

So i would prefer email confirmation if user want to change his email

Well see it could go like this. Confirmation to email for pw change, email change and email lock forever. Click verification link in email todo either three of these would eliminate a cracker from doing major damage to your account, like locking email, changing pw or even changing email. Everything should be done through a confirmation email verification link. And if the verification link is not activated, it would expire the verification link within 3 hours or even one hour should do.

Yes this solution is best ... it would eliminate potential hack to minimum

We should contact some moderators with this idea and see if they will be willing to update system ... i think those additional security measures should be optional so only those who are interested in, should turn them on

Maybe I should create poll ...but I do not see option here to do, it is only possible with new topic ?

[jbrnt]

If changing an email required someone to click on a confirmation link from the old email account, then one can never change email if the old email is inaccessible or hacked. I remember form when I first registered, there was no confirmation email sent to the registered email, so what happens if there is a typo in the email address? That will result in a wrong email in the profile forever...

[pekv2]

If changing an email required someone to click on a confirmation link from the old email account, then one can never change email if the old email is inaccessible or hacked. I remember form when I first registered, there was no confirmation email sent to the registered email, so what happens if there is a typo in the email address? That will result in a wrong email in the profile forever...

This is assuming the person knows what he/she is doing. And don't make typo's on serious stuff like this, not copy and paste email, always type it to make sure it matches.

[PhoneBloks]

If changing an email required someone to click on a confirmation link from the old email account, then one can never change email if the old email is inaccessible or hacked. I remember form when I first registered, there was no confirmation email sent to the registered email, so what happens if there is a typo in the email address? That will result in a wrong email in the profile forever...

What you wrote may happen. And it happens often you are right. But nowadays, lot of big e-mail companies, gmail, yahoo etc .. has very good security measures, if you lost your e-mail password or your account is hacked, there is very high chance you can recover your email, using your telephone number, secondary email, security q/a.

I use gmail and it has great function that it prevents you from loggin in if your IP is different than mine. So I can give you my password and you wont be able to login (Sure thing there is way how to login ..but it was meant that security of e-amils is very high)