Bitcoin Forum
Author Topic: Bitcointalk Forum's Security  (Read 1732 times)
Coding Enthusiast
September 26, 2016, 06:41:24 AM
 #21

Email recovery is for Neanderthals.

If anything, we should implement a way to change, verify, recover, ... accounts only using a signed message from a staked bitcoin address instead of using email recovery, secret question recovery, ...

francisdean (OP)
September 26, 2016, 08:33:44 AM
 #22

Not possible with current forum owner and staff. Stop asking for more security if it is obvious theymos does not want more security; be clever to understand the reason/s.

There are simple and complex solutions for your request; in your words, it is very easy. But theymos denied any suggestion or help. Make your own conclusions; if you would understand me, you would lock your own thread.

What would the reasons be?

DONATE: 1CThzMwKtAWyg4PHDYqqFQkFqKyuMenpB2
francisdean (OP)
September 26, 2016, 08:37:49 AM
 #23

I agree. We should start disallowing disposable email addresses during signup.

Like what? If you mean temporary email addresses, it's easy to see that you could sign up for a gmail account in about 2 minutes and use that as a "disposable email address".

Adhere to proper Internet safety and you should be fine. Change your password regularly (or use a manager if you truly wish) and keep your computer virus-free. It's easy, really. You just have to not be stupid.

My password is secure. Even my computer. My computer is encrypted, even my connections. What questions me is that during the time I was hacked, only the email address was changed. I never saw any changes in the password, but I can't use my password. That means this website was penetrated. A lot of hero members have been hacked as well; I could link you their profiles. Only their email was changed.

francisdean (OP)
September 26, 2016, 08:40:16 AM
 #24

Email recovery is for Neanderthals.

If anything, we should implement a way to change, verify, recover, ... accounts only using a signed message from a staked bitcoin address instead of using email recovery, secret question recovery, ...

Or we could use a FIDO U2F Security Key for 2-step verification.

ndnh
September 27, 2016, 02:30:49 AM
 #25

A lot of users have been hacked these past few days, weeks or months. I'm not sure. I'm one of those who have been recently hacked.
And thanks to Cyrus and Theymos I managed to get my account back. The thing is, I don't want this kind of thing to keep on happening!
I don't want this to happen to other users and I think my idea would be a great leap for our forum's security.

So here's how it's going to work. Most of us that were hacked weren't able to regain access to our accounts because our email was changed.
What if every time a user wants to change his email he needs to authenticate that request using the current email address registered to his account?
And after authenticating the request there will be a 24 hour process. The user can still cancel it within 24 hours if he changes his mind.
24 hour process for what? You have to wait 24 hours to change the email? That's just plain stupid. What if the hacker got into your email as well?

The only good idea here is to validate that the email or password was changed. Unfortunately that isn't going to happen since a lot of users here just registered with a fake email address.


Yup. Sad

Anyway, the new forum should have 2FA.
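
The email-change proposal quoted in the post above (approval through the current address, then a 24-hour cancellable hold), sketched as an added example; it is not part of the thread or of the forum's own code. The class, its method names and the in-memory outbox are assumptions, and as the reply points out, the hold does not help when the current mailbox is compromised too.

```python
import hashlib
import hmac
import secrets

HOLD_SECONDS = 24 * 3600  # the 24-hour window from the proposal


class EmailChangeGuard:
    """Hypothetical email-change flow: approve via current address, then hold."""

    def __init__(self, emails):
        self.emails = dict(emails)  # user -> current address
        self.pending = {}           # user -> pending change request
        self.outbox = []            # (recipient, token); stands in for a mailer

    def request_change(self, user, new_email):
        token = secrets.token_urlsafe(32)
        # Keep only a hash so a leaked table holds no usable tokens.
        token_hash = hashlib.sha256(token.encode()).hexdigest()
        self.pending[user] = {"new": new_email, "token_hash": token_hash,
                              "confirmed_at": None}
        # The token goes to the CURRENT address, never to the new one.
        self.outbox.append((self.emails[user], token))

    def confirm(self, user, token, now):
        req = self.pending.get(user)
        if req is None or req["confirmed_at"] is not None:
            return False
        digest = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, req["token_hash"]):
            return False
        req["confirmed_at"] = now  # the hold starts at approval
        return True

    def cancel(self, user):
        # Caller is assumed to be an authenticated session for this user.
        return self.pending.pop(user, None) is not None

    def finalize(self, user, now):
        req = self.pending.get(user)
        if req is None or req["confirmed_at"] is None:
            return False  # never approved from the current mailbox
        if now - req["confirmed_at"] < HOLD_SECONDS:
            return False  # still inside the cancel window
        self.emails[user] = req["new"]
        del self.pending[user]
        return True
```

Someone holding only a stolen session or password can call `request_change`, but `finalize` keeps returning False until the token mailed to the current address is presented and the hold has elapsed.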
royalfestus
September 27, 2016, 09:32:00 AM
 #26

The last time I checked for a bitcointalk app on an Android phone, it showed an application on bitcoin with more than 6 months application update. Which I don't think is a good quality of a safe app.
Omegasun
September 27, 2016, 10:35:13 AM
 #27

I think a signed message must be required for an account to ensure that the account really belongs to the real owner. But for security purposes, I think all forums are hackable. But putting some secret question on login is a good security feature. And limit registration now and use some invite code before registration.


rizzlarolla
September 27, 2016, 07:12:51 PM
 #28

I think a signed message must be required for an account to ensure that the account really belongs to the real owner. But for security purposes, I think all forums are hackable. But putting some secret question on login is a good security feature. And limit registration now and use some invite code before registration.

Do we really need farmed accounts advising on security?