|
SureLockLoans (OP)
|
 |
January 17, 2015, 12:28:42 PM |
|
I've set the security question on my account and I've read its not recommended even though noo one would possibly guess it how can I reset/disable it?
|
|
|
|
|
|
|
The trust scores you see are subjective; they will change depending on who you have in your trust list. |
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
SureLockLoans (OP)
|
|
January 17, 2015, 05:38:03 PM |
|
Is it even possible to reset the security question here or am I just missing something? I searched the forums via google and cant find anyone mentioning reseting the question any staff have any input?
|
|
|
|
|
KIRAZ
|
|
January 17, 2015, 05:40:17 PM |
|
To change just put a new questions and answer in your profile. Enter you password and hit Change profile.
That's how you can change it. Profile - Account Related Settings - Secret Question:
|
|
|
|
|
|
MakeBelieve
|
|
January 18, 2015, 12:44:46 AM |
|
once you have set it you can only change it again and not reset. well it least used to be like that when i was a moderator on a smf gaming forum.
|
On a mission to make Bitcointalk.org Marketplace a safer place to Buy/Sell/Trade
|
|
|
Quickseller
Copper Member
Legendary
 Offline
Activity: 2870
Merit: 2298
|
|
January 18, 2015, 01:08:24 AM |
|
Just delete it. Make sure nothing is there in either the security question nor the security answer. Then enter your password and click Change Profile.
You are right, you really should not be using a security question
|
|
|
|
|
|
SureLockLoans (OP)
|
|
January 18, 2015, 01:12:34 AM |
|
Just delete it. Make sure nothing is there in either the security question nor the security answer. Then enter your password and click Change Profile.
You are right, you really should not be using a security question
thanks! can I get confimation from the staff that this actually works though because I dont want to do it and then someone just enters with it left blank and can get access. |
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12972
|
|
January 18, 2015, 06:39:57 AM |
|
Yes, just keep it blank. Make sure that the secret question area isn't full of whitespace characters. (Spaces don't count, but some other whitespace/invisible characters do.)
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
sho_road_warrior
Member
Offline
Activity: 114
Merit: 10
PMs blocked, send answers to main.
|
|
January 18, 2015, 07:54:38 AM |
|
-snip-
You are right, you really should not be using a security question
If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be: What is your mothers maiden name? -> answer: *mothers maiden name* What is the name of your first pet? -> answer: *name of first pet* etc. A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.: Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V* If you store the answer in a secure location you have a fallback login should you ever forget your usual password. |
┏(-_-)┛┗(-_- )┓┗(-_-)┛┏(-_-)┓
|
|
|
|
madmax6688
|
|
January 18, 2015, 09:53:49 AM |
|
-snip-
You are right, you really should not be using a security question
If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be: What is your mothers maiden name? -> answer: *mothers maiden name* What is the name of your first pet? -> answer: *name of first pet* etc. A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.: Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V* If you store the answer in a secure location you have a fallback login should you ever forget your usual password. Instead just use an email, security questions aren't really needed if you use a strong email. |
|
|
|
|
sho_road_warrior
Member
Offline
Activity: 114
Merit: 10
PMs blocked, send answers to main.
|
|
January 18, 2015, 11:10:12 AM |
|
-snip-
Instead just use an email, security questions aren't really needed if you use a strong email.
As we have seen recently with the GMX related hacks your email might not as strong as you think it is. The security of your email depends on a 3rd party. They might do a poor job. Especially if you are not even paying them for their services, they might be lacking the motivation and means to thoroughly protect their servers and customers. Google seems to be different in that regard though. |
┏(-_-)┛┗(-_- )┓┗(-_-)┛┏(-_-)┓
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
|
|
July 22, 2015, 10:53:42 AM |
|
-snip-
You are right, you really should not be using a security question
If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be: What is your mothers maiden name? -> answer: *mothers maiden name* What is the name of your first pet? -> answer: *name of first pet* etc. A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.: Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V* If you store the answer in a secure location you have a fallback login should you ever forget your usual password. Old thread, i know, but i sat up a security question the way you wrote. I entered a strong password as the answer. I thought it might be good to have a higher level of security though now i wondered if thats the case at all. Is the secret answer treated the same way like the password? I mean hashed and all? Or did i open a security hole now? Besides that, i start to ask if i can raise security with it at all. I mean if you have 2 passwords or one doesnt really make a difference when you can use both on its own. |
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1499
No I dont escrow anymore.
|
|
July 22, 2015, 02:50:11 PM |
|
-snip-
You are right, you really should not be using a security question
If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be: What is your mothers maiden name? -> answer: *mothers maiden name* What is the name of your first pet? -> answer: *name of first pet* etc. A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.: Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V* If you store the answer in a secure location you have a fallback login should you ever forget your usual password. Old thread, i know, but i sat up a security question the way you wrote. I entered a strong password as the answer. I thought it might be good to have a higher level of security though now i wondered if thats the case at all. Is the secret answer treated the same way like the password? I mean hashed and all? Or did i open a security hole now? Besides that, i start to ask if i can raise security with it at all. I mean if you have 2 passwords or one doesnt really make a difference when you can use both on its own. As we learned from the last hack, theymos adviced to not use the secret question any longer as it indeed does not meet the same security features as the password. On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings
As such, you should change your password here and anywhere else you used that same password. You should disable your secret question and assume that the attacker now knows your answer to your secret question. You should prepare to receive phishing emails at your forum email address.
-snip-
In terms of "how to disable it" the answer was given to remove every symbol (including whitespaces, so make sure you delete everything) and save changes. |
Im not really here, its just your imagination.
|
|
|
BadBear
v2.0
Legendary
Offline
Activity: 1652
Merit: 1127
|
|
July 22, 2015, 04:16:50 PM |
|
Regarding the OP, it was changed recently, don't think it was ever mentioned, but it now has red text to the left, under the descriptive text for the Answer field.
"You have a secret question set. This is not recommended."
It goes away if there is no question set.
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
|
|
July 22, 2015, 07:29:29 PM |
|
Ok, ill disable it instantly. I was of the impression that this red text is only showing up because the normal use of such a question is to set up something you know and can remember, which might mean hacker can guess what you used as the answer.
Disabling now... might be better to disable that function completely then.
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
|
