Warning about blockchain.info wallet aliases

[odolvlobo]

I occasionally get notifications about somebody trying to access my blockchain.info wallet. It has been a concern. After all, how do they know my account identifier? Do I have a key logger on my computer?

I believe that the reason for the login attempts is that I gave my account an "alias".


When you create a blockchain.info wallet, you can give it a name, or "alias". This allows you to access your wallet without knowing the account identifier.

For example, there is a wallet with the alias "wallet". You can attempt to log into that wallet by going to this address http://blockchain.info/wallet/wallet, or by entering "wallet" into the identifier field. Since blockchain.info has never seen your IP, they will send a notification to the owners email. (I would like to apologize to the person who owns that wallet for telling everyone about his alias. He is going to get deluged with login attempt notifications if he isn't already.)

I believe that the reason I get occasional login attempt notifications is that the alias of my wallet is a fairly common word related to Bitcoin, and people just randomly decide to try it, or perhaps somebody is guessing aliases in order to possibly hack a wallet.

The danger is that I might accidentally authorize the login. If I do, then the hacker is given an encrypted copy of the wallet (I believe). I am unlikely to authorize the attempt and my wallet has an unbreakable password (very long and randomly-generated) so I'm not worried. But, ...

If you give your wallet a simple alias and you choose a stupid password, then the probability of your bitcoins being stolen is high. All you have to do is to accidentally authorize a login.

[Alaki]

Yep, I'd guess that a single person's trying to hack everyone. Mah wallet's hacked as well a few days ago and they did steal mah 0.22BTC. Mah big mistake was I didn't use 2FA.

[notlist3d]

Yep, I'd guess that a single person's trying to hack everyone. Mah wallet's hacked as well a few days ago and they did steal mah 0.22BTC. Mah big mistake was I didn't use 2FA.

I can not stress enough if 2FA is offered on a site dealing with hot wallets use it.   I went one step further on my Blockchain.info hot wallet using a Yubikey - https://bitcointalk.org/index.php?topic=1353231.0 .  With this they have to have my password and my yubikey which is a physical token (2fa) to log into my account.

Also treat blockchain.info as a hot wallet keep spending cash on it.  Do not stockpile a lot in it.

[~BitSy~]

I'm pretty much sure that if someone tires to use a alias name similar to someone already have then there will be an error of name being taken but if they just try to randomly to put an alias name in the log in information with the hope of guessing the password then the chances of it is very minimal unless the data base was somehow leaked. Also I don't think anyone would actually just authorize the attempt unless their the one who are attempting to log in but none-less thanks for the heads up.

[Herbert2020]

....
The danger is that I might accidentally authorize the login. If I do, then the hacker is given an encrypted copy of the wallet (I believe). I am unlikely to authorize the attempt and my wallet has an unbreakable password (very long and randomly-generated) so I'm not worried. But, ...

If you give your wallet a simple alias and you choose a stupid password, then the probability of your bitcoins being stolen is high. All you have to do is to accidentally authorize a login.

correct me if i am wrong but even authorizing that login attempt will not lead to losing your wallet because they will still need your password in order to login. because in order to access the wallet you need to have identifier or alias plus login password and in case you have enabled it 2FA code.

[BitcoinSupremo]

Thats a good warning about the worst of the worst web wallets out there, which strangely is the most used one. Is it so difficult for people to download a desktop wallet ,encrypting it with a very strong password rather than logging in everyday to some website which offers to hold your bitcoins ? I will never understand this as why people don't use a desktop wallet like Multibit,MultibitHD or Electrum which are very easy to use and you are in charge more than in  a web wallet, although chances of getting hacked exist in these wallets too, but are extremely low compared to the web wallet which has the most hacked accounts in whole bitcoin history.

[twister]

All those replying with the paid sig, he can't see you.

[~Bitcoin~]

I think you may have entered your blockchain wallet aiases in one of the blockchain fishing site so that they know your aliases and try to login into your blockchain.info account with same password you  may have entered in fishing site. Look at the domain of blockchain.info before entering any data.

[odolvlobo]

All those replying with the paid sig, he can't see you.

That's not completely true. I see the posts but not the contents of the posts. I sometimes read posts that are hidden (by clicking show/hide). I generally stop reading the paid sig posts when a thread starts getting long. At that point, people are primarily posting just to increase their post count.

[OROBTC]

...

There are two techniques that you can use to fortify your blockchain.info wallet:

1)  As mentioned above, use 2FA.  blockchain even has their own "little" 2FA, a second password when sending money or creating a new address.

2)  I LIKE the alias, but pick one that is "hard", not a BTC-related alias, or other common word.  Try an obscure foreign word (etc.)!  Or misspell...