Bitcoin Forum
December 10, 2019, 05:35:53 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: 1 2 3 [All]
  Print  
Author Topic: PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT  (Read 4120 times)
achow101
Staff
Legendary
*
Offline Offline

Activity: 1974
Merit: 2951


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
October 12, 2015, 09:52:12 PM
 #1

This is a Public Service Announcement:

If you lose your password, DO NOT USE THE SECRET QUESTION TO RECOVER THE ACCOUNT. It will result in your account being locked. Please use the email recovery option to recover the account.
The reason that the accounts are locked is because the May 2015 hack leaked Bitcointalk's database which did not securely secure the Secret Question and Answer. To prevent people from guessing the answers, theymos made it so that accounts that are recovered using the secret question are automatically locked when the option is attempted. This is to prevent hackers who may be able to guess the answers from the leaked database.

If you have had your account locked, to recover it, please send and email to the email displayed on your screen when you try to login. You can also create a new account and pm both theymos and badbear. In the email and PM, to prove your identity, You MUST sign a message with a bitcoin address that you have posted previously, at least 2 months prior. Please be patient. Theymos and BadBear are busy people. Your email or pm may become lost among all of the other stuff that they have to do. You should resent your email and pm once a week so that they will see it and get around to you. If you need help signing a message, check this thread: https://bitcointalk.org/index.php?topic=990345.0

If you haven't lost your password yet or you have regained access to the account, don't set the secret question, it can be a hassle. Make sure that you have the email set to an email address that you can access. That will make everything so much easier and will not require the long recovery process.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1575956153
Hero Member
*
Offline Offline

Posts: 1575956153

View Profile Personal Message (Offline)

Ignore
1575956153
Reply with quote  #2

1575956153
Report to moderator
1575956153
Hero Member
*
Offline Offline

Posts: 1575956153

View Profile Personal Message (Offline)

Ignore
1575956153
Reply with quote  #2

1575956153
Report to moderator
whywefight
Legendary
*
Offline Offline

Activity: 1078
Merit: 1038


www.explorerz.top


View Profile
October 12, 2015, 10:19:17 PM
 #2

I dont get why it is still possible to use it as a lot of ppl lock themself out... or just wipe all q and as out so ppl have to put in new ones...

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1988
Merit: 1771



View Profile WWW
October 12, 2015, 10:29:02 PM
 #3

I think this was suppose to be a secret.

Find the fire hydrant in my Avatar for a prize.
jacee
Legendary
*
Offline Offline

Activity: 1330
Merit: 1024


View Profile WWW
October 12, 2015, 10:32:55 PM
 #4

So that is the reason why I locked myself before when I reset my account with the security question.So what then is the use if that feature if it can't be used properly? As for me I always want a secret question attached in all my accoints even outside this forum so I thought it's a good thing but then it's not. Why can't they just reset it all again anyway?
achow101
Staff
Legendary
*
Offline Offline

Activity: 1974
Merit: 2951


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
October 12, 2015, 10:37:13 PM
 #5

I think this was suppose to be a secret.
Why?

I made this since I always see at least 3 threads in the front page meta where people are complaining about being locked out of their accounts and they all tried to use the secret question to recover it.

achow101
Staff
Legendary
*
Offline Offline

Activity: 1974
Merit: 2951


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
October 12, 2015, 10:38:18 PM
 #6

So that is the reason why I locked myself before when I reset my account with the security question.So what then is the use if that feature if it can't be used properly? As for me I always want a secret question attached in all my accoints even outside this forum so I thought it's a good thing but then it's not. Why can't they just reset it all again anyway?
I dont get why it is still possible to use it as a lot of ppl lock themself out... or just wipe all q and as out so ppl have to put in new ones...
I don't know. Ask theymos, he made it that way.

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1988
Merit: 1771



View Profile WWW
October 12, 2015, 10:47:11 PM
 #7

I think this was suppose to be a secret.
Why?
I believe it was secret because the answers to the secret questions were leaked when the forum was hacked, and this data was stored in a way that would be fairly easy to hash the data to get the plaintext answers. Since it would be so easy to hack accounts via secret questions, accounts would need to be manually checked by an admin prior to allowing them to have their password reset this way. It should have been a secret so people who were attempting to hack accounts would not know which attack vectors were not going to work, discouraging people to even attempt to hack accounts.

What I find very strange is how tspacepilot's account was hacked, or at least "hacked" and then so quickly restored by theymos with the help of dooglus. Especially considering how most of these requests usually take weeks.

Find the fire hydrant in my Avatar for a prize.
achow101
Staff
Legendary
*
Offline Offline

Activity: 1974
Merit: 2951


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
October 12, 2015, 11:19:22 PM
 #8

I think this was suppose to be a secret.
Why?
I believe it was secret because the answers to the secret questions were leaked when the forum was hacked, and this data was stored in a way that would be fairly easy to hash the data to get the plaintext answers. Since it would be so easy to hack accounts via secret questions, accounts would need to be manually checked by an admin prior to allowing them to have their password reset this way. It should have been a secret so people who were attempting to hack accounts would not know which attack vectors were not going to work, discouraging people to even attempt to hack accounts.
Huh. I could've sworn I saw a post by theymos himself saying that accounts were being locked if the security question was being used to unlock them. But now I can't find any such post.

I suppose I will leave this up since it may help people who lock themselves out. If it's a problem and theymos doesn't want it up, he can let me know, or just remove it himself.

syndria
Hero Member
*****
Offline Offline

Activity: 840
Merit: 500


View Profile
October 12, 2015, 11:24:31 PM
 #9

Thank you for letting me know this, ill remove my SQ now
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1988
Merit: 1771



View Profile WWW
October 12, 2015, 11:28:02 PM
 #10

Huh. I could've sworn I saw a post by theymos himself saying that accounts were being locked if the security question was being used to unlock them. But now I can't find any such post.

I suppose I will leave this up since it may help people who lock themselves out. If it's a problem and theymos doesn't want it up, he can let me know, or just remove it himself.
A staff member previously posted something similar to this, I spoke to them about it privately and they removed it.

This is not exactly the private keys to the forum's bitcoin, however it is a security issue. IMO there is really no reason to remove the thread now since this has been posted for long enough.

Find the fire hydrant in my Avatar for a prize.
jacee
Legendary
*
Offline Offline

Activity: 1330
Merit: 1024


View Profile WWW
October 13, 2015, 12:43:56 AM
 #11

Thank you for letting me know this, ill remove my SQ now

I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
achow101
Staff
Legendary
*
Offline Offline

Activity: 1974
Merit: 2951


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
October 13, 2015, 01:13:16 AM
 #12

Thank you for letting me know this, ill remove my SQ now

I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
AFAIK you just make sure that both text boxes for the secret question are empty. IIRC the answer box will have a red warning next to it when you have one set, when it isn't set, that warning should disappear.

jacee
Legendary
*
Offline Offline

Activity: 1330
Merit: 1024


View Profile WWW
October 13, 2015, 03:22:04 AM
 #13

Thank you for letting me know this, ill remove my SQ now

I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
AFAIK you just make sure that both text boxes for the secret question are empty. IIRC the answer box will have a red warning next to it when you have one set, when it isn't set, that warning should disappear.

Ok thanks. Got it removed.
achow101
Staff
Legendary
*
Offline Offline

Activity: 1974
Merit: 2951


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
October 18, 2015, 02:22:23 PM
 #14

bump

jaberwock
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000


View Profile
October 18, 2015, 03:51:23 PM
 #15

Why not just remove the secret question?
When the account is locked for security reasons you will have to sign a message from an unused address anyway

notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
October 18, 2015, 04:55:33 PM
 #16

Why not just remove the secret question?
When the account is locked for security reasons you will have to sign a message from an unused address anyway

I would guess it's that the forum really does not check email when you sign up.  Some assumed  secret message was enough.   But after a while that big hack the secret messages were compromised. 

So now you really need to sign with a address used or something else to prove ownership.   Honestly everyone should stake a address
mexxer-2
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1003


4 Mana 7/7


View Profile
October 18, 2015, 04:59:33 PM
 #17

I would guess it's that the forum really does not check email when you sign up.  Some assumed  secret message was enough.   But after a while that big hack the secret messages were compromised. 

So now you really need to sign with a address used or something else to prove ownership.   Honestly everyone should stake a address
It does, you can't leave the email box empty. I also agree with the removal of secret question, why put something like that if it can lock your account, at least a warning like this should be available on the secret question page or new members may get themselves locked out while using this.
dothebeats
Legendary
*
Offline Offline

Activity: 2030
Merit: 1146


Crypto Exchange - Secure & Anonymous


View Profile
October 18, 2015, 05:05:20 PM
 #18

Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.

█▀▀▀











█▄▄▄
|
▄▄█████▄▄
▄███████████▄
▄███████████████▄
▄██▀███████████▀██▄
▄█████▀███████▀█████▄
████████▀███▀████████
██████████████████
████████▄███▄████████
▀▀▀▀██████▄██████▀▀▀▀
█████████
▀███████████████▀
▀███████████▀
▀▀█████▀▀
▄▄█████▄▄
▄███████████▄
▄███████████████▄
▄█████████████████▄
▄████████████████▀██▄
██████████████▄██████
█████████████████████
████████████▀████████
▀█████████████▄█████▀
▀█████████████████▀
▀███████████████▀
▀███████████▀
▀▀█████▀▀
.
Trusted by ✔
MONERO
& DASH
|◆  OVER 115 COINS
◆  FIXED RATE
◆  NO REGISTRATION 
▀▀▀█











▄▄▄█
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
October 18, 2015, 09:48:43 PM
 #19

Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.

One day there will be a "new forum" not sure on timeline of when we see updated forum.  I suspect then it they might possibly address it or remove it.

I think that chances of spending time programming on this forum to do it is slim.  Just have it in meta and people will know not to use it.
ndnh
Legendary
*
Offline Offline

Activity: 1288
Merit: 1001


New Decentralized Nuclear Hobbit


View Profile
October 19, 2015, 03:14:01 AM
 #20

I would say it is better to change OP to discuss "Do not have a secret question for your account. Why, and how to do it."

As QS said, I guess it is better to keep it a bit secret. Changing the title would help. Having a secret question for an account is not very useful.
dothebeats
Legendary
*
Offline Offline

Activity: 2030
Merit: 1146


Crypto Exchange - Secure & Anonymous


View Profile
October 19, 2015, 09:13:47 AM
 #21

Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.

One day there will be a "new forum" not sure on timeline of when we see updated forum.  I suspect then it they might possibly address it or remove it.

I think that chances of spending time programming on this forum to do it is slim.  Just have it in meta and people will know not to use it.

Why not try to address this matter on the new forum software? I think it will gain much attention there seeing that it is the place where discussions for what the new software could come up with, and afaik we can kind of request some features we like to see in the new forum.

█▀▀▀











█▄▄▄
|
▄▄█████▄▄
▄███████████▄
▄███████████████▄
▄██▀███████████▀██▄
▄█████▀███████▀█████▄
████████▀███▀████████
██████████████████
████████▄███▄████████
▀▀▀▀██████▄██████▀▀▀▀
█████████
▀███████████████▀
▀███████████▀
▀▀█████▀▀
▄▄█████▄▄
▄███████████▄
▄███████████████▄
▄█████████████████▄
▄████████████████▀██▄
██████████████▄██████
█████████████████████
████████████▀████████
▀█████████████▄█████▀
▀█████████████████▀
▀███████████████▀
▀███████████▀
▀▀█████▀▀
.
Trusted by ✔
MONERO
& DASH
|◆  OVER 115 COINS
◆  FIXED RATE
◆  NO REGISTRATION 
▀▀▀█











▄▄▄█
jacee
Legendary
*
Offline Offline

Activity: 1330
Merit: 1024


View Profile WWW
October 19, 2015, 12:44:45 PM
 #22

Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.

One day there will be a "new forum" not sure on timeline of when we see updated forum.  I suspect then it they might possibly address it or remove it.

I think that chances of spending time programming on this forum to do it is slim.  Just have it in meta and people will know not to use it.

Why not try to address this matter on the new forum software? I think it will gain much attention there seeing that it is the place where discussions for what the new software could come up with, and afaik we can kind of request some features we like to see in the new forum.

I don't think the secret question should be implemented on the new forum. I mean if it's been exposed to the hackers before then that might happen again. Well not with a much secure forum but then, anyway I just want the secret word reset to be fix because I sometimes find it handy specially in my case where I am very precautious in online security.
ptypichai
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 26, 2015, 04:50:14 AM
 #23

My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900. Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response. I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1484
Merit: 1345


No I dont escrow anymore.


View Profile WWW
October 26, 2015, 07:03:19 AM
 #24

My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900.

No, an activity over 900 would make you at least Hero if not legendary. You are refering to the number of posts I guess.

Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response.

Yes.

I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.

It was meant to be hidden as long as possible, thus there is no warning. Sorry you have to go through this now.
ptypichai
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 26, 2015, 07:18:08 AM
 #25

My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900.

No, an activity over 900 would make you at least Hero if not legendary. You are refering to the number of posts I guess.

Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response.

Yes.

I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.

It was meant to be hidden as long as possible, thus there is no warning. Sorry you have to go through this now.

Yes, I meant posts, sorry. Posts over 1040 and Activity over 330. My locked account is a "Sr. Member." Thanks for pointing out my brain fart. Also a BTC address has been in my sig for about eight months or longer and it is from my Trezor. So when I get home from vacation I can definitely send signed messages with that BTC addresses' private key.
ptypichai
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
November 07, 2015, 08:57:00 AM
 #26

Got home and sent PMs a couple of days ago. I hope I can get my Sr. Member account unlocked. Would suck having to start all over building a rep here.
jackbox
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile
December 01, 2015, 12:44:32 PM
 #27

Thank you to the OP of this post. Using the instructions in the top post I finally got my Sr. Member account back after a month of sending signed messages every week as directed. Nice to get my account back.  Smiley  Cheesy  Grin

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger XVG: DGYWTLtcGh4mvoG6B2yifakeP2W24P4cco  DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
TheGr33k
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
December 02, 2015, 11:50:08 PM
 #28

I could be incorrect, but that might just be a glitch.
muleroaa
Hero Member
*****
Offline Offline

Activity: 924
Merit: 522


GIF by SOCIFI


View Profile
June 17, 2016, 12:44:16 PM
 #29

Shit.....just got locked out of my account by answering the secret question. I can't believe they haven't taken this out or disabled it yet. I'm afraid I won't get control back of my "main" account for a long time....

                ▄▄▄▄▄▄▄▄▄▄                          ▄▄▄▄▄▄▄▄▄▄
             █████████████████                   █████████████████
         █████████████████████████           █████████████████████████
       █████████████████████████████       █████████████████████████████
     █████████████████████████████████   █████████████████████████████████
   ████████████▀           ▀██████████████████████████████████████████████
  ████████████▄▄███████████▄▄█████████▓▓▓███████████████████████████████████
 ▐██████████████▀         ▀██████████▓▓▓▓████████████████████████████████████
 ██████████████▄▄█████████▄▄█████████▓▓▓▓▓████████████████████████████████████
▐█████████████████▀      ▀██████████▓▓▓▓▓▓████████████████████████████████████▌
▐████████████████▄▄██████▄▄█████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████      ███████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████ ████ ████████████▓▓▓▓▓████████████████████████████████████
 ██████████████████ ████ ████████████▓▓▓▓▓███████████████    ████████████████
  █████████████████ ████ █████████████▓▓▓████████████████   █████████████   █
   ████████████████      ███████████████████████████████    ███████████
    ██████████████████████████████████ ██████████████████     ████████
      ███████████████████████████████     █████████████████
        ███████████████████████████         █████████████████▓
           ████████████████████                ███████████████████▓
               ▀▀▀▀▀▀▀▀▀▀▀▀▀                       ▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄████████▄▄▄
▄▄██████████████████▄▄
▄████████████████████████▄
▄████████████████████████████▄
████████████████████████████████
▓████████████████████████████████▓
███████████████████████▒░███████████
▄█████████████████▒░      ███████████▄
█████████████░░          ░████████████
█████████░              ░█████████████
██████████▓░░          ░██████████████
██████████████▓░       ███████████████
▀███████████████▒     ░██████████████▀
████████████████▒   ░███████████████
████████████████░ ░███████████████
████████████████████████████████
▀████████████████████████████▀
▀████████████████████████▀
▀▀██████████████████▀▀
 ▀▀▀████████▀▀▀
.
JOIN OUR
TELEGRAM
jackbox
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile
June 17, 2016, 12:51:52 PM
 #30

Shit.....just got locked out of my account by answering the secret question. I can't believe they haven't taken this out or disabled it yet. I'm afraid I won't get control back of my "main" account for a long time....

Be patient and persistent sending messages to Theymos. It took me about two to three months of a signed message a week before he finally responded and apologized for the late response.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger XVG: DGYWTLtcGh4mvoG6B2yifakeP2W24P4cco  DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
June 17, 2016, 11:31:03 PM
 #31

Shit.....just got locked out of my account by answering the secret question. I can't believe they haven't taken this out or disabled it yet. I'm afraid I won't get control back of my "main" account for a long time....

Be patient and persistent sending messages to Theymos. It took me about two to three months of a signed message a week before he finally responded and apologized for the late response.

It does take patience in some of the cases it is kinda seen as a lessor issue with it being known I think.  It is hard to get info about it to every user I bump a thread I made in beginner about once a month - https://bitcointalk.org/index.php?topic=1214627.0 .   The good news is overall it has slowed down a ton, it was multiple a day at first.   Now it's much much slower.

I would suggest starting your own thread in meta about issue though.   List user and problem about lock.    And then the patience part comes in, I would bump your thread and send email once a week.  I would not do it any more then that as you don't want to be a pain to admins. 
muleroaa
Hero Member
*****
Offline Offline

Activity: 924
Merit: 522


GIF by SOCIFI


View Profile
June 18, 2016, 01:02:46 AM
 #32

Shit.....just got locked out of my account by answering the secret question. I can't believe they haven't taken this out or disabled it yet. I'm afraid I won't get control back of my "main" account for a long time....

Be patient and persistent sending messages to Theymos. It took me about two to three months of a signed message a week before he finally responded and apologized for the late response.

It does take patience in some of the cases it is kinda seen as a lessor issue with it being known I think.  It is hard to get info about it to every user I bump a thread I made in beginner about once a month - https://bitcointalk.org/index.php?topic=1214627.0 .   The good news is overall it has slowed down a ton, it was multiple a day at first.   Now it's much much slower.

I would suggest starting your own thread in meta about issue though.   List user and problem about lock.    And then the patience part comes in, I would bump your thread and send email once a week.  I would not do it any more then that as you don't want to be a pain to admins. 

Thank you, I will do that. It just seems strange that there is no option to turn of the "feature" completely. There are a lot of people who don't browse the different forum sections and simply don't know about the issue. I won't forget it anymore though  Smiley

                ▄▄▄▄▄▄▄▄▄▄                          ▄▄▄▄▄▄▄▄▄▄
             █████████████████                   █████████████████
         █████████████████████████           █████████████████████████
       █████████████████████████████       █████████████████████████████
     █████████████████████████████████   █████████████████████████████████
   ████████████▀           ▀██████████████████████████████████████████████
  ████████████▄▄███████████▄▄█████████▓▓▓███████████████████████████████████
 ▐██████████████▀         ▀██████████▓▓▓▓████████████████████████████████████
 ██████████████▄▄█████████▄▄█████████▓▓▓▓▓████████████████████████████████████
▐█████████████████▀      ▀██████████▓▓▓▓▓▓████████████████████████████████████▌
▐████████████████▄▄██████▄▄█████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████      ███████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████ ████ ████████████▓▓▓▓▓████████████████████████████████████
 ██████████████████ ████ ████████████▓▓▓▓▓███████████████    ████████████████
  █████████████████ ████ █████████████▓▓▓████████████████   █████████████   █
   ████████████████      ███████████████████████████████    ███████████
    ██████████████████████████████████ ██████████████████     ████████
      ███████████████████████████████     █████████████████
        ███████████████████████████         █████████████████▓
           ████████████████████                ███████████████████▓
               ▀▀▀▀▀▀▀▀▀▀▀▀▀                       ▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄████████▄▄▄
▄▄██████████████████▄▄
▄████████████████████████▄
▄████████████████████████████▄
████████████████████████████████
▓████████████████████████████████▓
███████████████████████▒░███████████
▄█████████████████▒░      ███████████▄
█████████████░░          ░████████████
█████████░              ░█████████████
██████████▓░░          ░██████████████
██████████████▓░       ███████████████
▀███████████████▒     ░██████████████▀
████████████████▒   ░███████████████
████████████████░ ░███████████████
████████████████████████████████
▀████████████████████████████▀
▀████████████████████████▀
▀▀██████████████████▀▀
 ▀▀▀████████▀▀▀
.
JOIN OUR
TELEGRAM
BitcoinEXpress
Legendary
*
Offline Offline

Activity: 1204
Merit: 1008



View Profile
June 18, 2016, 02:22:11 AM
 #33




Thank you, I will do that. It just seems strange that there is no option to turn of the "feature" completely. There are a lot of people who don't browse the different forum sections and simply don't know about the issue. I won't forget it anymore though  Smiley


There is.

Leave both fields blank in the secret question section.

It will disable it.


~BCX~
nitesh1995p
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
June 18, 2016, 02:26:54 AM
 #34

thank you for creating the thread to give information about it to every one..
jackbox
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile
June 18, 2016, 04:25:23 AM
 #35




Thank you, I will do that. It just seems strange that there is no option to turn of the "feature" completely. There are a lot of people who don't browse the different forum sections and simply don't know about the issue. I won't forget it anymore though  Smiley


There is.

Leave both fields blank in the secret question section.

It will disable it.


~BCX~

Can this be done after the question is set by blanking them out and saving? I was already burned by this and had my account locked. It was frustrating, to say the least, to get my account restored many months later.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger XVG: DGYWTLtcGh4mvoG6B2yifakeP2W24P4cco  DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
achow101
Staff
Legendary
*
Offline Offline

Activity: 1974
Merit: 2951


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
June 18, 2016, 04:28:46 AM
 #36

Can this be done after the question is set by blanking them out and saving? I was already burned by this and had my account locked. It was frustrating, to say the least, to get my account restored many months later.
Yes, that is how you disable the security question for your account.

BitcoinEXpress
Legendary
*
Offline Offline

Activity: 1204
Merit: 1008



View Profile
June 18, 2016, 04:29:32 AM
 #37




Thank you, I will do that. It just seems strange that there is no option to turn of the "feature" completely. There are a lot of people who don't browse the different forum sections and simply don't know about the issue. I won't forget it anymore though  Smiley


There is.

Leave both fields blank in the secret question section.

It will disable it.


~BCX~

Can this be done after the question is set by blanking them out and saving? I was already burned by this and had my account locked. It was frustrating, to say the least, to get my account restored many months later.


Yes

Blanking the fields and saving them will not lock your account.



~BCX~
jackbox
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile
June 18, 2016, 04:34:42 AM
 #38


Yes

Blanking the fields and saving them will not lock your account.



~BCX~

Thank you.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger XVG: DGYWTLtcGh4mvoG6B2yifakeP2W24P4cco  DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1988
Merit: 1771



View Profile WWW
June 18, 2016, 05:57:11 AM
 #39




Thank you, I will do that. It just seems strange that there is no option to turn of the "feature" completely. There are a lot of people who don't browse the different forum sections and simply don't know about the issue. I won't forget it anymore though  Smiley


There is.

Leave both fields blank in the secret question section.

It will disable it.


~BCX~
I am not sure how robust of a solution this is. Not everyone is going to see this warning (or even visit Meta on any kind of regular basis), so they will not know to remove their security question and to not attempt to use it to reset their password to their account.


Find the fire hydrant in my Avatar for a prize.
muleroaa
Hero Member
*****
Offline Offline

Activity: 924
Merit: 522


GIF by SOCIFI


View Profile
June 18, 2016, 11:47:58 AM
 #40




Thank you, I will do that. It just seems strange that there is no option to turn of the "feature" completely. There are a lot of people who don't browse the different forum sections and simply don't know about the issue. I won't forget it anymore though  Smiley


There is.

Leave both fields blank in the secret question section.

It will disable it.


~BCX~

I understand that you can have it turned off, I actually had it turned off before, but thought I'd improve the security. I ment it's strange that the possibility of adding a secret question is still in there, if the feature is bugged and gets people locked out (for months).

                ▄▄▄▄▄▄▄▄▄▄                          ▄▄▄▄▄▄▄▄▄▄
             █████████████████                   █████████████████
         █████████████████████████           █████████████████████████
       █████████████████████████████       █████████████████████████████
     █████████████████████████████████   █████████████████████████████████
   ████████████▀           ▀██████████████████████████████████████████████
  ████████████▄▄███████████▄▄█████████▓▓▓███████████████████████████████████
 ▐██████████████▀         ▀██████████▓▓▓▓████████████████████████████████████
 ██████████████▄▄█████████▄▄█████████▓▓▓▓▓████████████████████████████████████
▐█████████████████▀      ▀██████████▓▓▓▓▓▓████████████████████████████████████▌
▐████████████████▄▄██████▄▄█████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████      ███████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████ ████ ████████████▓▓▓▓▓████████████████████████████████████
 ██████████████████ ████ ████████████▓▓▓▓▓███████████████    ████████████████
  █████████████████ ████ █████████████▓▓▓████████████████   █████████████   █
   ████████████████      ███████████████████████████████    ███████████
    ██████████████████████████████████ ██████████████████     ████████
      ███████████████████████████████     █████████████████
        ███████████████████████████         █████████████████▓
           ████████████████████                ███████████████████▓
               ▀▀▀▀▀▀▀▀▀▀▀▀▀                       ▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄████████▄▄▄
▄▄██████████████████▄▄
▄████████████████████████▄
▄████████████████████████████▄
████████████████████████████████
▓████████████████████████████████▓
███████████████████████▒░███████████
▄█████████████████▒░      ███████████▄
█████████████░░          ░████████████
█████████░              ░█████████████
██████████▓░░          ░██████████████
██████████████▓░       ███████████████
▀███████████████▒     ░██████████████▀
████████████████▒   ░███████████████
████████████████░ ░███████████████
████████████████████████████████
▀████████████████████████████▀
▀████████████████████████▀
▀▀██████████████████▀▀
 ▀▀▀████████▀▀▀
.
JOIN OUR
TELEGRAM
jackbox
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile
June 18, 2016, 01:31:25 PM
 #41




Thank you, I will do that. It just seems strange that there is no option to turn of the "feature" completely. There are a lot of people who don't browse the different forum sections and simply don't know about the issue. I won't forget it anymore though  Smiley


There is.

Leave both fields blank in the secret question section.

It will disable it.


~BCX~

I understand that you can have it turned off, I actually had it turned off before, but thought I'd improve the security. I ment it's strange that the possibility of adding a secret question is still in there, if the feature is bugged and gets people locked out (for months).

Unfortunately it is not a bug. A while back the user database of the forum was hacked. Logins were compromised. Theymos did it so the hackers could not get the password via the reset option. And they purposely kept it secret so the hackers would not know about it. They won't be turning it off. Just need to know or once you do it and get your account reinstated you will never do it again. But someone who did have a BTC address six months prior in a post or signature has no chance of recovering the account.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger XVG: DGYWTLtcGh4mvoG6B2yifakeP2W24P4cco  DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
BitcoinEXpress
Legendary
*
Offline Offline

Activity: 1204
Merit: 1008



View Profile
June 18, 2016, 05:51:31 PM
Last edit: June 18, 2016, 06:35:06 PM by BitcoinEXpress
 #42

I am not sure how robust of a solution this is. Not everyone is going to see this warning (or even visit Meta on any kind of regular basis), so they will not know to remove their security question and to not attempt to use it to reset their password to their account.





I was originally set to display red text "You have a secret question set, this is not recommended" if there was a secret question set.

If no secret question is set, you will not see this warning.



~BCX~
muleroaa
Hero Member
*****
Offline Offline

Activity: 924
Merit: 522


GIF by SOCIFI


View Profile
June 18, 2016, 06:14:12 PM
 #43

I am not sure how robust of a solution this is. Not everyone is going to see this warning (or even visit Meta on any kind of regular basis), so they will not know to remove their security question and to not attempt to use it to reset their password to their account.





I originally set it to display red text "You have a secret question set, this is not recommended" if there was a secret question set.

If no secret question is set, you will not see this warning.



~BCX~

BitcoinEXpress, cheeky question: Since you are able to make changes to the forum, are you also able to unlock accounts?

                ▄▄▄▄▄▄▄▄▄▄                          ▄▄▄▄▄▄▄▄▄▄
             █████████████████                   █████████████████
         █████████████████████████           █████████████████████████
       █████████████████████████████       █████████████████████████████
     █████████████████████████████████   █████████████████████████████████
   ████████████▀           ▀██████████████████████████████████████████████
  ████████████▄▄███████████▄▄█████████▓▓▓███████████████████████████████████
 ▐██████████████▀         ▀██████████▓▓▓▓████████████████████████████████████
 ██████████████▄▄█████████▄▄█████████▓▓▓▓▓████████████████████████████████████
▐█████████████████▀      ▀██████████▓▓▓▓▓▓████████████████████████████████████▌
▐████████████████▄▄██████▄▄█████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████      ███████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████ ████ ████████████▓▓▓▓▓████████████████████████████████████
 ██████████████████ ████ ████████████▓▓▓▓▓███████████████    ████████████████
  █████████████████ ████ █████████████▓▓▓████████████████   █████████████   █
   ████████████████      ███████████████████████████████    ███████████
    ██████████████████████████████████ ██████████████████     ████████
      ███████████████████████████████     █████████████████
        ███████████████████████████         █████████████████▓
           ████████████████████                ███████████████████▓
               ▀▀▀▀▀▀▀▀▀▀▀▀▀                       ▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄████████▄▄▄
▄▄██████████████████▄▄
▄████████████████████████▄
▄████████████████████████████▄
████████████████████████████████
▓████████████████████████████████▓
███████████████████████▒░███████████
▄█████████████████▒░      ███████████▄
█████████████░░          ░████████████
█████████░              ░█████████████
██████████▓░░          ░██████████████
██████████████▓░       ███████████████
▀███████████████▒     ░██████████████▀
████████████████▒   ░███████████████
████████████████░ ░███████████████
████████████████████████████████
▀████████████████████████████▀
▀████████████████████████▀
▀▀██████████████████▀▀
 ▀▀▀████████▀▀▀
.
JOIN OUR
TELEGRAM
BitcoinEXpress
Legendary
*
Offline Offline

Activity: 1204
Merit: 1008



View Profile
June 18, 2016, 06:34:37 PM
 #44

I am not sure how robust of a solution this is. Not everyone is going to see this warning (or even visit Meta on any kind of regular basis), so they will not know to remove their security question and to not attempt to use it to reset their password to their account.





I originally set it to display red text "You have a secret question set, this is not recommended" if there was a secret question set.

If no secret question is set, you will not see this warning.



~BCX~

BitcoinEXpress, cheeky question: Since you are able to make changes to the forum, are you also able to unlock accounts?

Unfortunate typo as English is not my primary language.

I meant to say


It was originally set to display red text "You have a secret question set, this is not recommended" if there was a secret question set.



Only Theymos and BadBear have the technical abilities to unlock accounts.


I'm just a regular member.



~BCX~
FFrankie
Hero Member
*****
Offline Offline

Activity: 1344
Merit: 888


View Profile
June 19, 2016, 08:50:56 AM
 #45

Is this why I can not make a secret question? I would assume so, but I figured I would ask anyway I did not see it in this thread anywhere
jackbox
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile
June 19, 2016, 09:29:07 AM
 #46

Is this why I can not make a secret question? I would assume so, but I figured I would ask anyway I did not see it in this thread anywhere

You do not want to set a secret question. If you use it to recover your password your account will be immediately frozen.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger XVG: DGYWTLtcGh4mvoG6B2yifakeP2W24P4cco  DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
ndnh
Legendary
*
Offline Offline

Activity: 1288
Merit: 1001


New Decentralized Nuclear Hobbit


View Profile
June 19, 2016, 12:39:17 PM
 #47

Is this why I can not make a secret question? I would assume so, but I figured I would ask anyway I did not see it in this thread anywhere

You can (can't you??). But you probably should not.

It will make your account vulnerable. (which is why the account gets locked to protect account theft when that is used to recover account)
Quote
Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account.
minifrij
Legendary
*
Offline Offline

Activity: 2100
Merit: 1174


In Memory of Zepher


View Profile WWW
June 19, 2016, 04:38:34 PM
 #48

It will make your account vulnerable. (which is why the account gets locked to protect account theft when that is used to recover account)
Quote
Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account.
It won't anymore, it will just be useless considering the account would just be locked if it were used.

What that quote is saying is about secret questions in general. Accounts only began to be locked after the forum was last compromised, as the secret questions and answers were leaked and could be decrypted to hack into accounts.
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
June 20, 2016, 06:10:20 AM
 #49

Is this why I can not make a secret question? I would assume so, but I figured I would ask anyway I did not see it in this thread anywhere

You can (can't you??). But you probably should not.

It will make your account vulnerable. (which is why the account gets locked to protect account theft when that is used to recover account)
Quote
Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account.

If you made it now it is not that the question would make it vulnerable.  It is that there was a past security breach where the ones at that time were compromised.   So a security question in itself is not really making it vulnerable, but the problem is account's that have same security question now as time of breach.    It also becomes even harder with inactive accounts as chances of changing security question are none.

So the security question now locks to prevent compromise.   It is a pain for those who hit it but it is considered known now, and we really have a LOT less using security questions now then we did say in October of 2015.  If you look back there was quite a few more then say today it has went down drastically that more users know it locks account's.
Pages: 1 2 3 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!