Bitcoin Forum
December 17, 2017, 09:45:54 PM *
Author Topic: Bitcointalk Forum's Security  (Read 1630 times)
Coding Enthusiast
Sr. Member, Activity: 428
September 26, 2016, 06:41:24 AM
#21

email recovery is for Neanderthals.

if anything we should implement a way to change, verify, recover,... accounts only using a signed message from a staked bitcoin address instead of using Email recovery, Secret question recovery,...

francisdean
Hero Member, Activity: 618
September 26, 2016, 08:33:44 AM
#22

not possible with current forum owner and staff. Stop asking for more security if it is obvious, theymos does not want more security, be clever to understand the reason/s.

There are simple and complex solutions for your request, in your words, it is very easy. But theymos denied any suggestion or help, make your own conclusions, if you would understand me, you would lock your own thread.

what would the reasons be?

francisdean
Hero Member, Activity: 618
September 26, 2016, 08:37:49 AM
#23

i agree. we should start disallowing disposable email addresses during signup.

Like what? If you mean temporary email addresses, it's easy to see that you could sign up for a gmail account in about 2 minutes and use that as a "disposable email address".

Adhere to proper Internet safety and you should be fine. Change your password regularly (or use a manager if you truly wish) and keep your computer virus-free. It's easy, really. You just have to not be stupid.

my password is secure. even my computer. my computer is encrypted even my connections. what questions me is that during the time i was hacked, only the email address was changed, i never saw any changes in the password but i can't use my password. that means this website was penetrated. a lot of hero members have been hacked as well, i could link you their profiles. only their email was changed.

francisdean
Hero Member, Activity: 618
September 26, 2016, 08:40:16 AM
#24

email recovery is for Neanderthals.

if anything we should implement a way to change, verify, recover,... accounts only using a signed message from a staked bitcoin address instead of using Email recovery, Secret question recovery,...

or we could use a FIDO U2F Security Key for 2-step verification.

ndnh
Legendary, Activity: 1288
September 27, 2016, 02:30:49 AM
#25

A lot of users have been hacked these past few days, weeks or months. I'm not sure. I'm one of those who have been recently hacked.
And thanks to Cyrus and Theymos I managed to get my account back. The thing is I don't want this kind of thing to keep on happening!
I don't want this to happen to other users and I think my idea would be a great leap to our forum's security.

So here's how it's going to work. Most of us that were hacked weren't able to regain access to our account because our email was changed.
What if every time a user wants to change his email he needs to authenticate that request using the current email address registered to his account?
And after authenticating the request there will be a 24 hour process. The user can still cancel it within 24 hours if he changes his mind.
24 hour process for what? You have to wait 24 hours to change the email? That's just plain stupid. What if the hacker got into your email as well?

The only good idea here is to validate that the email or password was changed. Unfortunately that isn't going to happen since a lot of users here just registered with a fake email address.


Yup. Sad

Anyway, the new forum should have 2FA.
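
The email-change flow proposed in the post quoted above (confirmation through the currently registered address, then a 24-hour window in which the change can be cancelled), sketched as an added example; it is not part of the thread or of the forum's software, and the `Account` class, its methods and the token handling are hypothetical.

```python
import hashlib
import hmac
import secrets

DELAY = 24 * 3600  # cancellable waiting period from the proposal, in seconds


def _digest(token):
    # Keep only a hash server-side so a leaked row is not a usable token.
    return hashlib.sha256(token.encode()).digest()


class Account:
    """Hypothetical account record; method names are illustrative."""

    def __init__(self, email):
        self.email = email
        self.pending = None  # at most one pending change

    def request_change(self, new_email):
        """Step 1: returns (confirm, cancel) tokens, both mailed to the CURRENT address."""
        confirm, cancel = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.pending = {"new": new_email, "confirm": _digest(confirm),
                        "cancel": _digest(cancel), "effective_at": None}
        return confirm, cancel

    def confirm(self, token, now):
        """Step 2: proof of control of the current mailbox starts the 24-hour clock."""
        p = self.pending
        if (not p or p["effective_at"] is not None
                or not hmac.compare_digest(p["confirm"], _digest(token))):
            return False
        p["effective_at"] = now + DELAY
        return True

    def cancel(self, token):
        """The owner can abort at any time before the change is applied."""
        p = self.pending
        if not p or not hmac.compare_digest(p["cancel"], _digest(token)):
            return False
        self.pending = None
        return True

    def apply_if_due(self, now):
        """Step 3: run periodically; applies only confirmed changes past the delay."""
        p = self.pending
        if not p or p["effective_at"] is None or now < p["effective_at"]:
            return False
        self.email, self.pending = p["new"], None
        return True
```

A request that is never confirmed from the current mailbox never takes effect, and a confirmed one can still be cancelled until the delay runs out. Both checks rest on the current mailbox being under the owner's control, which is the objection raised in the reply.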
royalfestus
Hero Member, Activity: 490
September 27, 2016, 09:32:00 AM
#26

The last time I checked for bitcointalk app on Android phone, it showed an application on bitcoin with more than 6 months application update. Which I don't think it's a good quality of a safe app.


     
Omegasun
Hero Member, Activity: 602
September 27, 2016, 10:35:13 AM
#27

i think signed message must required for account to ensure that the accounts is really belong to the real owner. But for the security purposes, i think all forum is hackable. But putting some secret question on log in is good security features. And limit now the registration and used some invite code before registration.

rizzlarolla
Hero Member, Activity: 798
September 27, 2016, 07:12:51 PM
#28

i think signed message must required for account to ensure that the accounts is really belong to the real owner. But for the security purposes, i think all forum is hackable. But putting some secret question on log in is good security features. And limit now the registration and used some invite code before registration.

Do we really need farmed accounts advising on security?