An idea to secure online platforms

[Birdy]

I have an idea to make online platforms more secure against hacking attempts:

The user setups a fixed outgoing Bitcoin adress.
Whenever he wants to receive funds, it can only go to this adress.
He is able to change this adress, BUT it takes a set amount of time until the new adress is accepted and the user also get notified about this change (mail, sms whatever).

If your account is hacked, because your password was stolen, the hacker cannot do a thing to your money.
(In case of exchange platforms, he still is able to do some damage, but at least it's a bit harder)


Some more deails:
If you want to let the user choose the amount of time, changing this will also take effect according to the old timer.
If the mailadress/mobile number is changed, there also needs to be notification to the old adresses.
You could also allow more than one adress, if you apply the same rules to them.

-> The idea is simple, easy and cheap to implement and offers a great deal of security, while giving the user nearly no trouble.

(If you use this idea to a success, tip me a good deal xD)

[empoweoqwj]

Simpler idea - don't store your bitcoins online

[Birdy]

Simpler idea - don't store your bitcoins online

Even simpler idea - have no money *facepalm*

There are lot of reason to have some online.
Also this method should be quite secure.

You could also use it for the fiat money accounts.

[Birdy]

shameless bump

[Birdy]

Ok, there is one disadvantage, if you want to send those coins to someone else, you will have to wait two times for transaction.
But I still think it would be a pretty strong optional security feature, there are a lot of people that are satisfied with sending the coints to some fixed adresses.

[TiagoTiago]

Ok, there is one disadvantage, if you want to send those coins to someone else, you will have to wait two times for transaction.
But I still think it would be a pretty strong optional security feature, there are a lot of people that are satisfied with sending the coints to some fixed adresses.

It also reduces the usefulness of online wallets a lot. I mean, if you can't send money to anyone else, even people on the same service, it's almost like your online wallet isn't online at all, but on a flash drive cleverly hidden somewhere in your kitchen...

[Birdy]

Ok, there is one disadvantage, if you want to send those coins to someone else, you will have to wait two times for transaction.
But I still think it would be a pretty strong optional security feature, there are a lot of people that are satisfied with sending the coints to some fixed adresses.

It also reduces the usefulness of online wallets a lot. I mean, if you can't send money to anyone else, even people on the same service, it's almost like your online wallet isn't online at all, but on a flash drive cleverly hidden somewhere in your kitchen...

Well, if you have this is as nonmandatory option, then your onlinewallet can be both. You could have one wallet with more flexibilaty and/or one with more safety.
This is desireable, isn't it?

[aes1]

It like the idea.

That's also how the majority of Finnish money-handling companies (such as stock trading services and investment banks) operate with bank accounts: you have to register a withdrawal account that is only changeable by a stronger method of authentication than usual.

Of course, I'm all for letting the user decide the balance of security vs. convenience. But it's the service's responsibility to remind the user that relying on a password only is a bad idea. Java applet vulnerabilities, stolen password databases, keyloggers, man-in-the-middle attacks, DNS spoofing... the risks are quite real.

[aes1]

It also reduces the usefulness of online wallets a lot. I mean, if you can't send money to anyone else, even people on the same service, it's almost like your online wallet isn't online at all, but on a flash drive cleverly hidden somewhere in your kitchen...

Well, if you have this is as nonmandatory option, then your onlinewallet can be both. You could have one wallet with more flexibilaty and/or one with more safety.
This is desireable, isn't it?

Actually, now that I think again... Suppose you decide to hack into and steal money from an online wallet service. Which is a more likely target: an online wallet with mandatory secure measures, or one without them?

[Birdy]

It also reduces the usefulness of online wallets a lot. I mean, if you can't send money to anyone else, even people on the same service, it's almost like your online wallet isn't online at all, but on a flash drive cleverly hidden somewhere in your kitchen...

Well, if you have this is as nonmandatory option, then your onlinewallet can be both. You could have one wallet with more flexibilaty and/or one with more safety.
This is desireable, isn't it?

Actually, now that I think again... Suppose you decide to hack into and steal money from an online wallet service. Which is a more likely target: an online wallet with mandatory secure measures, or one without them?

Well that's a trade security vs useability (dunnow if it's worth it or not, maybe).
It could be the standard option - so most users would have it on and only some that dislike it don't have it, if it's mandatory some users might dislike this due to having to send BC two times.
Or there could be other methods offered for those who don't like it (people love having a choice ^^)