Which of the two will you choose as a gambler?

[coinfinger]

I prefer the 2nd method because while it is more time consuming but it offers complete security and there is no way someone can access my coins and withdraw them.

The first option is good but it reminds me of a incident where a scammer used a new trick to collect emails, he would offer a lucky draw and you just have to enter your email id and hence you feel no problem and later they will use those email ids to try and brute force passwords and then sell the ids for spam.

I always thought there could be a easy way to security but for now the 2nd one is the best even though its a bit of time consuming.

[deisik]

The first option is good but it reminds me of a incident where a scammer used a new trick to collect emails, he would offer a lucky draw and you just have to enter your email id and hence you feel no problem and later they will use those email ids to try and brute force passwords and then sell the ids for spam

You can't brute force a 2FA code

For the simple reason it is a time-based one-time pass code (the most widespread variety that I know of). It changes every minute, and after it expires it is less than useless. The only way to get around 2FA is to get the secret phrase (or a QR-code associated with it). But if you are using a mobile device for its generation, to pull off this trick would require hacking both your email and the device itself. Not a totally impossible task on its own but a feat that would most certainly call for more than just one method of penetration, like a lot of social engineering coupled with direct physical access (forum was partially hacked this way a few years ago)

[xSkylarx]

The safest would be option 2. It is just like keeping your own seed to make sure your account is secured. In option 1, once your e-mail had been compromised by a hacker, the password and any other access can be changed. Each has their own strength, convenience and weaknesses, it all depends on how you keep your credentials secured and your computer clean..

[Japinat]

We got a tied votes here, : option 1 : 17 and option 2 :17

I voted for option 2 because I like my account to be safer, IMO, email can be hacked easily so it's right to secure your account with key based.
Personally, I have done that to many of my gambling site accounts, in different gambling sites of course and I hope all gambling site will add that kind of security features to ensure the safety of the users account.

[TheGreatPython]

Option 1: Email Based Authentication


Option 2: Keys Based Authentication

I will go with the email based authentication. I am a part time gambler and therefore i do not put a big amount of money on gambling sites. So i will prefer an easy authentication method based on email. If i had a lot of money deposited on gambling sites, then for sure the Keys Based Authentication best suited me.

This gives me a new idea where the gambling sites could actually ask the gambler to choose their own security option and the gambler knows if he will be playing small or big and hence he can decide the method based on that.

There can be another way where the website asks you a simple security code of 6 digits and you just have to remember that and enter it every time you withdraw this times both energy, time and resources. Alternative you can set some security questions maybe that you can answer and withdraw your funds and there are numerous other ways to set a easy yet string security for gamblers.

[webtricks]

Thank you everyone for your suggestions. I have read all posts and even though voting shows 50/50 response but the overall conclusion is that most of the people prefer Option 1 as they prefer for convenience and ease the most. With additional 2FA layer, everything is quite safe, making Option 1 the preferable choice among casinos and players.

The team was considering Option 2 because it has more flavor for cryptocurrency users. A person who prefers keeping full control of his funds (by using cryptocurrencies with private key security) would like keeping full control of his casino account too. But it turns out, people don't consider that much.

Some people questioned that Option 1 is completely safe and there's no reason why one should make things more complicated by using Option 2. Well, to certain degree that's true. But every system that is dependent on third party (email in this case) cannot be considered entirely safe. There is high chance that important information may leak in transition which is entirely out of user's control.

This gives me a new idea where the gambling sites could actually ask the gambler to choose their own security option and the gambler knows if he will be playing small or big and hence he can decide the method based on that.

I don't think any website would do this because it will make very difficult to maintain single database and unnecessarily create complication in the working of MVC (Model-View-Controller).