Bitcoin Forum
May 19, 2019, 07:46:49 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: FULL MEMBER ACCT locked because did password reset by secret question  (Read 369 times)
ptypichai
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 26, 2015, 04:13:51 AM
 #1

I have an account with an activity level of over 900 and I was a Full Member. I did a password reset by secret question and it locked my account. I did not know at the time that doing this automatically locked the account. It would have been nice if the password reset page said do by email, not by secret question because we will automatically lock your account. I sent an email to the email address the page gave when it locked my account. Still waiting for a response. Will someone eventually respond and unlock the account or do they ignore these emails forever. I am bummed that an account with a high rating got locked for something so stupid and the page should have warned me not to reset by secret question.
1558252009
Hero Member
*
Offline Offline

Posts: 1558252009

View Profile Personal Message (Offline)

Ignore
1558252009
Reply with quote  #2

1558252009
Report to moderator
1558252009
Hero Member
*
Offline Offline

Posts: 1558252009

View Profile Personal Message (Offline)

Ignore
1558252009
Reply with quote  #2

1558252009
Report to moderator
Crypto Casino Since 2014
Level Up & Get Even More Rewards!
Daily Treasure Chest
& Much More
Roll Hunt
Rakeback
Blackjack
Jackpot
Dice
Slots
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558252009
Hero Member
*
Offline Offline

Posts: 1558252009

View Profile Personal Message (Offline)

Ignore
1558252009
Reply with quote  #2

1558252009
Report to moderator
1558252009
Hero Member
*
Offline Offline

Posts: 1558252009

View Profile Personal Message (Offline)

Ignore
1558252009
Reply with quote  #2

1558252009
Report to moderator
1558252009
Hero Member
*
Offline Offline

Posts: 1558252009

View Profile Personal Message (Offline)

Ignore
1558252009
Reply with quote  #2

1558252009
Report to moderator
cryptosmoker
Sr. Member
****
Offline Offline

Activity: 581
Merit: 250


View Profile
October 26, 2015, 04:22:29 AM
 #2

Did you ask whoevers account it was for their secret answer?
ptypichai
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 26, 2015, 04:26:51 AM
 #3

Did you ask whoevers account it was for their secret answer?

It is my account. I was traveling on vacation and forgot the password. The secret answer was correct and the password was reset. But I did not know until afterward that Theymos set the board to automatically lock any accounts with password reset by secret question due to hackers. If I had done a password reset by email the account would not have been locked. I only found this out afterward by searching the META section after my acct got locked. No warning that doing the secret question would lock the account. A warning not to do this on the reset page should have been there. It has happened to many senior members who did not know this was implemented by the board operators. It did gave an email address to contact Theymos for a possible unlock. Still waiting for a reply. I have a bitcoin address in the signature so I can do a signed PGP message to prove it is my account if needed.
achow101
Staff
Legendary
*
Offline Offline

Activity: 1764
Merit: 2377


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
October 26, 2015, 04:43:34 AM
 #4

See the thread I made about this here: https://bitcointalk.org/index.php?topic=1206977.0
You will find instructions on what to do there.

ptypichai
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 26, 2015, 05:25:41 AM
 #5

See the thread I made about this here: https://bitcointalk.org/index.php?topic=1206977.0
You will find instructions on what to do there.

Thanks for the info. When I get home from vacation I will do as you suggested in the linked thread. I have a BTC address in the sig so I should be able to send a signed message. I will send PMs from this account until I get a favorable reply. A warning on the reset page to do by email only to prevent locked accounts would have been nice.
mexxer-2
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1003


4 Mana 7/7


View Profile
October 26, 2015, 05:43:30 AM
 #6

See the thread I made about this here: https://bitcointalk.org/index.php?topic=1206977.0
You will find instructions on what to do there.

Thanks for the info. When I get home from vacation I will do as you suggested in the linked thread. I have a BTC address in the sig so I should be able to send a signed message. I will send PMs from this account until I get a favorable reply. A warning on the reset page to do by email only to prevent locked accounts would have been nice.
It will not be so and this has been discussed in the thread knight pointed you to
I think this was suppose to be a secret.
Why?
I believe it was secret because the answers to the secret questions were leaked when the forum was hacked, and this data was stored in a way that would be fairly easy to hash the data to get the plaintext answers. Since it would be so easy to hack accounts via secret questions, accounts would need to be manually checked by an admin prior to allowing them to have their password reset this way. It should have been a secret so people who were attempting to hack accounts would not know which attack vectors were not going to work, discouraging people to even attempt to hack accounts.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!