Additional security measures to keep account secure

[PX-Z]

I appreciate every suggestions in security measures but i feel this is only happens ^{(getting hacked)} because of user's carelessness. Unless there is really a loophole in the website's security that needs to fix.

Why it didn't happened to me before? Or to someone else? Your account's security is your responsibility, same like your bitcoin private keys.

[Agbe]

In order to reduce or limit the hacking of bitcointalk accounts, more security features can be introduced. I am also adding one suggestion here to get this thread started:

There should be option for high rank members to activate email verification. From time to time, when the member logs in using the username and password, it should send an code to the email to be entered on bitcointalk for login. While login, there should be option to trust the device for some days so that it does not affect user experience.
 
Same way, other security features can also be implemented. Let us discuss these in this thread.

Your suggestion is good because securing your account is one the priority in the forum. I believed email verification is already existing. If someone want to change his or her password the forum software would automatically inform you through your email. Changing of the password at  anytime will be also decide by the person. Trusting of the device is also good but locking the account for some days will never work well with the user, because if the user is in a campaign and the user account is suspended for some days, that means the user miss his or her work within those days. Therefore, that will not work well for for the forum. So I strongly disagreed with you on that part which you said, "the device should be trusted for some days", that means indirectly, the account would not be working for these days you are saying. Now if the person is in a campaign, what the person would do in this period of time?

[Igebotz]

Lol Not a bad idea, but why would anyone go through such trouble to post on a simple forum where sensitive documents are not stored? Even someone who stores bitcoin exchanges is not subjected to such troubles. Account hacking and other issues can be solved by using 2FA or a secret question before logging in.

If I remember correctly then it was really easy to access the account using the bitcoin address. I understand it's a forum. The way everyone is worried about their account and suggesting several things I thought why not I go with mine too LOL

With email verification you are giving away your anonymity to the email service providers. Email can be hacked, people do not take it seriously as they take their private keys.
Theymos is not going to add 2FA, I don't know how hard it is.

Every opinion counts, no matter how awkward some of them sound, but the forum's security is fine with me because I don't have to go back to my email to get a login code or click a link in my email to access my account, and as for the 2FA, I'd say the site doesn't require it. The best way to protect your account is to use disposable emails. I believe this was the case back then, and it was extremely difficult for someone's account to be hacked via email addresses.

To be honest, we are fine with staking bitcoin address. If anything happen to your account, you can always provide proof of ownership and get back the account.

What if you lose access to your staked address private keys/wallets? Many people were fcked up as a result of this. Is this option reliable enough?

[Lucius]

What if you lose access to your staked address private keys/wallets? Many people were fcked up as a result of this. Is this option reliable enough?

For some, this method is reliable because private keys are something that anyone who understands what it is, pays the greatest possible attention to. So if someone manages to hack my BTT account and the email associated with it, I'm sure I still have the option to recover my account using the signed address. Anyone who can't follow these simple rules shouldn't even be online.

An additional measure that exists is also recovery via IP address, although I assume that this is only usable for those who do not use VPN/Tor.

[Asiska02]

If an email is not frequently used to send reminders to users to confirm their username and password, then this is not a bad idea. If such a security feature is ever put into place in the future, the 2FA can also be used for this. Since everyone is educated here about the fundamental security precautions they must take even with their bitcoin account wallets, I don't think account hacking occurs much here. Everyone is probably extra cautious and aware of the warning signs that a hacker is attempting to access their account. So also, I believe that the security measure should apply to every account on the forum, regardless of rank, rather than just those with high ranks.

[Igebotz]

What if you lose access to your staked address private keys/wallets? Many people were fcked up as a result of this. Is this option reliable enough?

For some, this method is reliable because private keys are something that anyone who understands what it is, pays the greatest possible attention to. So if someone manages to hack my BTT account and the email associated with it, I'm sure I still have the option to recover my account using the signed address. Anyone who can't follow these simple rules shouldn't even be online.

It is important to note that 99% of the world's internet users are not using the internet to learn about how to secure private keys. Furthermore, there is no single 80% secure way to save private keys; they are lost over time due to accident, malware attacks, phishing attacks, and most of the time our gadget is stolen or broken down. Offline save is not safe, nor is online save, and because there is no 100% proven way to secure private keys, we will continue to post stories about lost private keys on the internet. I don't know about you, but I throw away my wallets every two years. Staked addresses help, but they are insufficient.

An additional measure that exists is also recovery via IP address, although I assume that this is only usable for those who do not use VPN/Tor.

If this was the case then I'm sure 100% of Russians here cannot retrieve via IP address.

[Mpamaegbu]

There should be option for high rank members to activate email verification.

What will be the reason to only let high rank members enjoy this privilege that you've proposed? If anything, I think the proposed feature should be on every member's account with option to activate it or not if anyone wants. Letting only certain ranks enjoy it, for me, will be irrational and discriminatory. It should be the same way exchanges allow users (even newly registered ones) access to authentication features and then one chooses when and which features to activate. This forum is big enough to implement something similar. I think the call for 2FA authenticator is beginning to hit up. Who knows, theymos may see the need for it now and do something about it.

[aysg76]

You are telling the forum to give our data to email service providers like Gmail, Yahoo or whatever the provider. They get the IP and other log that we have an account in the forum. No, it's not gonna happen.

And most of the forum users have the Gmail account and we know how much risky it could be because they might not be having proton mail for it or say seperate mails for forum.Your mail data could be compromised and hackers could have access to your mail and the breach could happen anytime so it's more of risk factors then safety.

I would be more frustrated when I have to authenticate my code each time through mail while logging on the forum as sometimes I use my mobile browser also and have to login my mail also and this could be frustrating for me as well.

For account security, staking a bitcoin address to use for proof of ownership is the best idea so far.

That's the best case for your account recovery and prove you are the real owner of the account and it can be verified also.

[Lucius]

It is important to note that 99% of the world's internet users are not using the internet to learn about how to secure private keys.

They are not even important in this story, because here we are discussing additional ways to protect the accounts of the members of this forum. Each of them should know what a private key is, and how it can help them protect their BTT account.

Furthermore, there is no single 80% secure way to save private keys; they are lost over time due to accident, malware attacks, phishing attacks, and most of the time our gadget is stolen or broken down. Offline save is not safe, nor is online save, and because there is no 100% proven way to secure private keys, we will continue to post stories about lost private keys on the internet.

There are ways that are 99% safe, because nothing is 100%, and everything you listed can be avoided and prevented. Careless people keep losing their devices, becoming victims of malware and phishing, but do you think any additional protection would help them? From 2014 until today, I have not lost a single address, let alone a private key, nor have I been a victim of malware/phishing - and I am no expert in online security, but an average internet user who has learned some basic things that make me relatively safe when I am online.

I don't know about you, but I throw away my wallets every two years. Staked addresses help, but they are insufficient.

It's the first time I've heard of such a strategy, and I don't see the point in it. I keep everything related to Bitcoin no matter how unimportant it seems, because I never know if I will ever need it. It's not that I need a warehouse for that, everything fits on a regular USB stick that costs a few $.

[Doan9269]

There should be option for high rank members to activate email verification. From time to time, when the member logs in using the username and password, it should send an code to the email to be entered on bitcointalk for login

Why do you think that should be included now, don't you think since the requirement for verifying email address used was not needed right from point of registration, getting that into consideration now wouldn't create something new but rather deviate from the initial reasons why it was not needed from the first time, and be it newbie or legendary, a user is a user and preference must not be considered over each other, the more the privacy needed for individuals here which the forum created and respect the fact that it needed to be maintained.

Same way, other security features can also be implemented

No need for further process to this than the ones in place, just ensure that your email is truly accessible by you in case of when there's compromise because that's your last hole to retain your account by then, forum cannot be responsible for any irresponsible negligence on user's account.