Bitcoin Forum
December 13, 2019, 03:38:29 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3]  All
  Print  
Author Topic: PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT  (Read 4120 times)
jackbox
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile
June 18, 2016, 01:31:25 PM
 #41




Thank you, I will do that. It just seems strange that there is no option to turn of the "feature" completely. There are a lot of people who don't browse the different forum sections and simply don't know about the issue. I won't forget it anymore though  Smiley


There is.

Leave both fields blank in the secret question section.

It will disable it.


~BCX~

I understand that you can have it turned off, I actually had it turned off before, but thought I'd improve the security. I ment it's strange that the possibility of adding a secret question is still in there, if the feature is bugged and gets people locked out (for months).

Unfortunately it is not a bug. A while back the user database of the forum was hacked. Logins were compromised. Theymos did it so the hackers could not get the password via the reset option. And they purposely kept it secret so the hackers would not know about it. They won't be turning it off. Just need to know or once you do it and get your account reinstated you will never do it again. But someone who did have a BTC address six months prior in a post or signature has no chance of recovering the account.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger XVG: DGYWTLtcGh4mvoG6B2yifakeP2W24P4cco  DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
1576251509
Hero Member
*
Offline Offline

Posts: 1576251509

View Profile Personal Message (Offline)

Ignore
1576251509
Reply with quote  #2

1576251509
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1576251509
Hero Member
*
Offline Offline

Posts: 1576251509

View Profile Personal Message (Offline)

Ignore
1576251509
Reply with quote  #2

1576251509
Report to moderator
1576251509
Hero Member
*
Offline Offline

Posts: 1576251509

View Profile Personal Message (Offline)

Ignore
1576251509
Reply with quote  #2

1576251509
Report to moderator
1576251509
Hero Member
*
Offline Offline

Posts: 1576251509

View Profile Personal Message (Offline)

Ignore
1576251509
Reply with quote  #2

1576251509
Report to moderator
BitcoinEXpress
Legendary
*
Offline Offline

Activity: 1204
Merit: 1008



View Profile
June 18, 2016, 05:51:31 PM
Last edit: June 18, 2016, 06:35:06 PM by BitcoinEXpress
 #42

I am not sure how robust of a solution this is. Not everyone is going to see this warning (or even visit Meta on any kind of regular basis), so they will not know to remove their security question and to not attempt to use it to reset their password to their account.





I was originally set to display red text "You have a secret question set, this is not recommended" if there was a secret question set.

If no secret question is set, you will not see this warning.



~BCX~
muleroaa
Hero Member
*****
Offline Offline

Activity: 924
Merit: 522


GIF by SOCIFI


View Profile
June 18, 2016, 06:14:12 PM
 #43

I am not sure how robust of a solution this is. Not everyone is going to see this warning (or even visit Meta on any kind of regular basis), so they will not know to remove their security question and to not attempt to use it to reset their password to their account.





I originally set it to display red text "You have a secret question set, this is not recommended" if there was a secret question set.

If no secret question is set, you will not see this warning.



~BCX~

BitcoinEXpress, cheeky question: Since you are able to make changes to the forum, are you also able to unlock accounts?

                ▄▄▄▄▄▄▄▄▄▄                          ▄▄▄▄▄▄▄▄▄▄
             █████████████████                   █████████████████
         █████████████████████████           █████████████████████████
       █████████████████████████████       █████████████████████████████
     █████████████████████████████████   █████████████████████████████████
   ████████████▀           ▀██████████████████████████████████████████████
  ████████████▄▄███████████▄▄█████████▓▓▓███████████████████████████████████
 ▐██████████████▀         ▀██████████▓▓▓▓████████████████████████████████████
 ██████████████▄▄█████████▄▄█████████▓▓▓▓▓████████████████████████████████████
▐█████████████████▀      ▀██████████▓▓▓▓▓▓████████████████████████████████████▌
▐████████████████▄▄██████▄▄█████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████      ███████████▓▓▓▓▓▓▓███████████████████████████████████▌
▐██████████████████ ████ ████████████▓▓▓▓▓████████████████████████████████████
 ██████████████████ ████ ████████████▓▓▓▓▓███████████████    ████████████████
  █████████████████ ████ █████████████▓▓▓████████████████   █████████████   █
   ████████████████      ███████████████████████████████    ███████████
    ██████████████████████████████████ ██████████████████     ████████
      ███████████████████████████████     █████████████████
        ███████████████████████████         █████████████████▓
           ████████████████████                ███████████████████▓
               ▀▀▀▀▀▀▀▀▀▀▀▀▀                       ▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄████████▄▄▄
▄▄██████████████████▄▄
▄████████████████████████▄
▄████████████████████████████▄
████████████████████████████████
▓████████████████████████████████▓
███████████████████████▒░███████████
▄█████████████████▒░      ███████████▄
█████████████░░          ░████████████
█████████░              ░█████████████
██████████▓░░          ░██████████████
██████████████▓░       ███████████████
▀███████████████▒     ░██████████████▀
████████████████▒   ░███████████████
████████████████░ ░███████████████
████████████████████████████████
▀████████████████████████████▀
▀████████████████████████▀
▀▀██████████████████▀▀
 ▀▀▀████████▀▀▀
.
JOIN OUR
TELEGRAM
BitcoinEXpress
Legendary
*
Offline Offline

Activity: 1204
Merit: 1008



View Profile
June 18, 2016, 06:34:37 PM
 #44

I am not sure how robust of a solution this is. Not everyone is going to see this warning (or even visit Meta on any kind of regular basis), so they will not know to remove their security question and to not attempt to use it to reset their password to their account.





I originally set it to display red text "You have a secret question set, this is not recommended" if there was a secret question set.

If no secret question is set, you will not see this warning.



~BCX~

BitcoinEXpress, cheeky question: Since you are able to make changes to the forum, are you also able to unlock accounts?

Unfortunate typo as English is not my primary language.

I meant to say


It was originally set to display red text "You have a secret question set, this is not recommended" if there was a secret question set.



Only Theymos and BadBear have the technical abilities to unlock accounts.


I'm just a regular member.



~BCX~
FFrankie
Hero Member
*****
Offline Offline

Activity: 1344
Merit: 888


View Profile
June 19, 2016, 08:50:56 AM
 #45

Is this why I can not make a secret question? I would assume so, but I figured I would ask anyway I did not see it in this thread anywhere
jackbox
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile
June 19, 2016, 09:29:07 AM
 #46

Is this why I can not make a secret question? I would assume so, but I figured I would ask anyway I did not see it in this thread anywhere

You do not want to set a secret question. If you use it to recover your password your account will be immediately frozen.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger XVG: DGYWTLtcGh4mvoG6B2yifakeP2W24P4cco  DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
ndnh
Legendary
*
Offline Offline

Activity: 1288
Merit: 1001


New Decentralized Nuclear Hobbit


View Profile
June 19, 2016, 12:39:17 PM
 #47

Is this why I can not make a secret question? I would assume so, but I figured I would ask anyway I did not see it in this thread anywhere

You can (can't you??). But you probably should not.

It will make your account vulnerable. (which is why the account gets locked to protect account theft when that is used to recover account)
Quote
Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account.
minifrij
Legendary
*
Offline Offline

Activity: 2100
Merit: 1174


In Memory of Zepher


View Profile WWW
June 19, 2016, 04:38:34 PM
 #48

It will make your account vulnerable. (which is why the account gets locked to protect account theft when that is used to recover account)
Quote
Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account.
It won't anymore, it will just be useless considering the account would just be locked if it were used.

What that quote is saying is about secret questions in general. Accounts only began to be locked after the forum was last compromised, as the secret questions and answers were leaked and could be decrypted to hack into accounts.
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
June 20, 2016, 06:10:20 AM
 #49

Is this why I can not make a secret question? I would assume so, but I figured I would ask anyway I did not see it in this thread anywhere

You can (can't you??). But you probably should not.

It will make your account vulnerable. (which is why the account gets locked to protect account theft when that is used to recover account)
Quote
Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account.

If you made it now it is not that the question would make it vulnerable.  It is that there was a past security breach where the ones at that time were compromised.   So a security question in itself is not really making it vulnerable, but the problem is account's that have same security question now as time of breach.    It also becomes even harder with inactive accounts as chances of changing security question are none.

So the security question now locks to prevent compromise.   It is a pain for those who hit it but it is considered known now, and we really have a LOT less using security questions now then we did say in October of 2015.  If you look back there was quite a few more then say today it has went down drastically that more users know it locks account's.
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!