Bitcoin Forum
Topic: Hack Into BitDice And Get 1BTC!
kolloh (Legendary)
December 21, 2016, 03:40:52 PM, #121

Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

Yeah, I had an issue one time with an upgrade on Google Authenticator that wiped all 2FA codes from my device. What a nightmare that was. I since switched to Authy which allows you to backup your 2FA codes. I do recommend that you backup your codes or save your recovery key in case something happens as it can be a pain to regain access to sites.

adaseb (Legendary)
December 21, 2016, 05:30:34 PM, #122

Yes I had this issue also, especially if you are on an iPhone. You can back up almost everything, including the app, however it will not back up the 2fa recovery codes for you. It was a big pain, however there is an even bigger security risk because as long as someone has access to your email, they can easily reset the 2fa. Hence why it's never a good idea to store large amounts of money in any online sites or exchanges.

condoras (Legendary)
December 21, 2016, 10:04:56 PM, #123

It's really not too good to store large amounts of BTC in exchangers but it's not so easy to withdraw every time and leave there a specific amount.
For me 2 are the best options : 2FA and safe keeping of the key and/or frequently changing passwords.
Imho these are the best options atm...

adaseb (Legendary)
December 21, 2016, 10:23:15 PM, #124

Changing the password frequently in my opinion is pointless unless you use the same password for all your sites. Normally with a keylogger or some trojan, they will just use the current password anyways so it doesn't make sense to keep changing it.

2FA is good however, many exchanges let you simply reset it when you confirm your email. And when your computer is hacked normally the hacker has access to your mail also.

condoras (Legendary)
December 21, 2016, 11:28:55 PM, #125

Well, you just spoke the truth man. Smiley
I still don't know though any other way to be more secure than these 2 for online purposes...

cpfreeplz (Legendary)
December 21, 2016, 11:34:58 PM, #126

Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even h they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

actmyname (Copper Member, Legendary)
December 21, 2016, 11:39:02 PM, #127

Yes it only seems they have email authentication system like few sites and specially blockchain and yobit have right now. However that simple process can add great security feature to any platform.

The security should be a given. At the very least there should be email authentication.

But there is also no point to remove it from that account, by keeping that 1 btc in that account and giving username password combo they are trying to attract more users to play in their platform which i have never seen done by any other gambling platform before.

Are you stupid? Who would even know the difference? This is just to advertise their security. Keeping a bitcoin in the account is completely pointless. Though, even if they did keep the bitcoin in there they could just simply block all withdrawal/tip requests from the account.



Yeah, I suppose it's not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

And you're rewarding someone that exploits security flaws? Roll Eyes
The only real reason you might want to keep funds in there is in case there /are/ flaws - someone who exploited them would probably withdraw the bitcoins and then you can close and investigate the site.

... but why go through the trouble of "purchasing" insurance when in reality you can just remove the 'reward' and monitor the account activity (with IP connections)? And it's also more likely that if someone found a security vulnerability, they would go after whales instead of a measly 1 BTC.



Even if they did remove it, all you need to do is to show the screenshot of yourself managing to get into the account and they will still credit your account with 1 btc given that they haven't ended this event yet, however pretty sure that they won't end it, just showcasing this actually gives the site some credibility

Why would they bother crediting someone?

... and in the case of screenshots as proof, I'll leave it at this: Photoshop has existed for a very long time.



Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even h they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

And people would find out the email how exactly? Keep in mind that both email authentication and 2FA are possibilities for security reinforcement on the site - email is just on by default. And hey, if the email password is the same... then that's the user's fault.





BTCevo (Legendary)
December 22, 2016, 12:14:02 AM, #128

Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is a more secure way, that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

But not all people are using this 2fa as their protection though because they think that they are not going to play on a particular site for long enough. So why should they get 2fa then? It will just be annoying to see a lot of 2fa numbers on many sites. For me I prefer to put 2fa on some specific sites that I visit often.

erwin45hacked (Legendary)
December 22, 2016, 05:40:32 AM, #129

Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even h they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

2fa is just another security layer and with some extra security it won't be hurting yourself. Everyone is actually responsible for their own security so if you are using the same password all over anything you sign up to then that's your responsibility, not that even the site with the best security will be able to help you.

Qartersa (Hero Member)
December 22, 2016, 06:08:15 AM, #130

2FA is really a great way to secure your account. Indeed it won't hurt to get another layer of protection into your account and having more would be better. A hacker though, if he really wanted to hack a gambling site, would not go for an individual's account. Why target small fish if you can catch all the fish in it, right? So I guess accounts would be out of the question if a hacker does go for a casino. He would for sure target the whole bankroll.

BitDiceOfficial (Member)
December 22, 2016, 06:42:37 AM, #131
Last edit: December 22, 2016, 07:34:46 AM by BitDiceOfficial

Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even h they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

The account was made by default security settings and it was set up to show the basic security. To show that even if you do not want to set up max security you can still feel secure.

If someone wants to increase their security they can do so by adding mobile 2FA and whitelisting their IP (meaning the user can log into the account ONLY with the whitelisted IP).
These additional features make it much harder for anyone to try to hack into an account.

milewilda (Legendary)
December 22, 2016, 10:24:07 AM, #132

Having 2fa will surely break the head and the hopes of a hacker when he tends to bruteforce a certain account and we all know that setting 2fa would increase the security of the account but in the account of admin have been exposed it doesn't have 2fa as he mentioned but I think it would be still hard.

Until now, I'm sure that no one still could able to get the 1 btc bounty inside of the account given.

dogedice.me (OP) (Hero Member)
December 22, 2016, 04:05:08 PM, #133

Yes it only seems they have email authentication system like few sites and specially blockchain and yobit have right now. However that simple process can add great security feature to any platform.

The security should be a given. At the very least there should be email authentication.

But there is also no point to remove it from that account, by keeping that 1 btc in that account and giving username password combo they are trying to attract more users to play in their platform which i have never seen done by any other gambling platform before.

Are you stupid? Who would even know the difference? This is just to advertise their security. Keeping a bitcoin in the account is completely pointless. Though, even if they did keep the bitcoin in there they could just simply block all withdrawal/tip requests from the account.



Yeah, I suppose it's not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

And you're rewarding someone that exploits security flaws? Roll Eyes
The only real reason you might want to keep funds in there is in case there /are/ flaws - someone who exploited them would probably withdraw the bitcoins and then you can close and investigate the site.

... but why go through the trouble of "purchasing" insurance when in reality you can just remove the 'reward' and monitor the account activity (with IP connections)? And it's also more likely that if someone found a security vulnerability, they would go after whales instead of a measly 1 BTC.



Even if they did remove it, all you need to do is to show the screenshot of yourself managing to get into the account and they will still credit your account with 1 btc given that they haven't ended this event yet, however pretty sure that they won't end it, just showcasing this actually gives the site some credibility

Why would they bother crediting someone?

... and in the case of screenshots as proof, I'll leave it at this: Photoshop has existed for a very long time.



Wtf. So you have 2FA? That's your big gimmick as to why I should gamble with you? This is poor at best. A lot of people use the same passwords everywhere even h they know they shouldn't, so this isn't saying you have good security, it's just that you have 2FA. It's good, but if the email password is the same it's useless.

And people would find out the email how exactly? Keep in mind that both email authentication and 2FA are possibilities for security reinforcement on the site - email is just on by default. And hey, if the email password is the same... then that's the user's fault.

I will answer you directly, as you continue to say that I've removed 1BTC from the account. Just a rhetoric question, do you always think people are lying to you?

User hack_me has 1 BTC on a balance, I did not remove it, nor I will remove it. There are no locks on withdrawal or tips, or rain. Only DEFAULT settings for each and every other users on our website. If by anyway, you will be able to get in, you will be able to withdraw it instantly. The reason it is there because I said so and actually credited him 1BTC. I do not care anymore about that 1 BTC as it has been spent on marketing. So unless you want to say I'm lying, I'm asking you to stop spreading misleading comments.

Regarding general security on BitDice. As Steven already replied, it's more a marketing event, we show users that they are safe EVEN when they do not care about it. And no, email isn't a single point of failure as users can set actual 2FA, IP Lock, and Address Lock. You can not remove nor sign in without turning off 2FA or IP lock even if you have access to the email.

Regards,
Alex

carlisle1 (Hero Member)
December 22, 2016, 05:26:48 PM, #134

while reading the title of the thread I thought it was really all about the hack or trick to get 1btc by playing in bitdice but when I opened this thread it was like an epic fail for me Grin but still it's really great that you proved to your players that your platform is highly secured, safe and invulnerable for the hackers. keep up the good work and more power to your site.

HaydenBruin (Full Member)
December 22, 2016, 11:08:43 PM, #135

It was just to show off a simple feature and getting more Unique visitors and page views.
Nice.

actmyname (Copper Member, Legendary)
December 22, 2016, 11:29:32 PM, #136

I will answer you directly, as you continue to say that I've removed 1BTC from the account. Just a rhetoric question, do you always think people are lying to you?
I would continue to state that since there is no need to keep the 1 BTC in the account, that you may have removed it.

The reason it is there because I said so and actually credited him 1BTC. I do not care anymore about that 1 BTC as it has been spent on marketing. So unless you want to say I'm lying, I'm asking you to stop spreading misleading comments.

You may assume they are misleading and you can consider me as someone who is senselessly spreading FUD -- though by stating that no one would know the difference if you removed it or not simply attests to the fact that your security would likely be sufficient to hold off anybody outside of staff.

Regarding general security on BitDice. As Steven already replied, it's more a marketing event, we show users that they are safe EVEN when they do not care about it. And no, email isn't a single point of failure as users can set actual 2FA, IP Lock, and Address Lock. You can not remove nor sign in without turning off 2FA or IP lock even if you have access to the email.

I understand this, acknowledge the fact that this is for marketing, and have previously stated this:

And people would find out the email how exactly? Keep in mind that both email authentication and 2FA are possibilities for security reinforcement on the site - email is just on by default. And hey, if the email password is the same... then that's the user's fault.

and it's fine! I'm glad that you have email authentication (for foreign IP's, I assume) enabled by default. That shows good service in the case where your consumers care about convenience but you are still willing to implement some security to protect them. (** and also allows you to defend more easily against "hacked account" claims)



All I was proposing was the fact that you would have been able to do this marketing for free. I'm not saying your site isn't reputable -- just that this is simply a PR thing and could have just as easily been on an account with a balance of 0. Do you agree?

no hard feelings, not trying to make enemies here

managedgambling.com
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
December 22, 2016, 11:59:20 PM
 #137

I have seen a similar system in other sites too...
monbux
Legendary
*
Offline Offline

Activity: 1736
Merit: 1029



View Profile WWW
December 23, 2016, 01:51:38 AM
 #138

Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is more secure way that's why you need to be careful.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you lose your device, you are in a black hole... Roll Eyes

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...

Yeah, I had an issue one time with an upgrade on Google Authenticator that wiped all 2FA codes from my device. What a nightmare that was. I since switched to Authy which allows you to backup your 2FA codes. I do recommend that you backup your codes or save your recovery key in case something happens as it can be a pain to regain access to sites.

Yes I had this issue also, especially if you are on an iPhone. You can backup almost everything, including the app however it will not backup the 2fa recovery codes for you. It was a big pain however there is an even bigger security risk because as long as someone has access to your email, they can easily reset the 2fa. Hence why it's never a good idea to store large amounts of money in any online sites or exchanges.

It's really not too good to store large amounts of BTC in exchangers but it's not so easy to withdraw every time and leave there a specific amount.
For me 2 are the best options : 2FA and safe keeping of the key and/or frequently changing passwords.
Imho these are the best options atm...
Usually I don't remember to store the backup key for the 2FA authenticator, phone got destroyed/lost multiple times and was NOT a pleasant experience. The biggest problem was trying to remember every single site I was actively using 2FA on... Definitely recommend actually keeping the backup codes.
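
The 16-character key the posts above say to store is the base32 secret an authenticator app feeds into TOTP (RFC 6238). As an added example (not part of the thread and not BitDice's code), this shows that the stored key alone reproduces the same codes on a replacement device; the key and timestamp are constructed samples, and HMAC-SHA1 with 30-second steps, the usual authenticator defaults, is assumed.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret, 16 base32 characters (80 bits). Not a real account key.
BACKUP_KEY = "JBSWY3DPEHPK3PXP"


def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 code (HMAC-SHA1) for a base32 secret at the given Unix time."""
    # Accept the key as people write it down: grouped, lower case, no padding.
    cleaned = "".join(secret_b32.split()).upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks the offset.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, step=30):
    """Server-side check: accept codes from +/- `window` time steps (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * step, step=step)
        # Constant-time comparison; keep looping so timing does not reveal the step.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    now = 1482600000  # constructed timestamp (late December 2016)
    old_phone = totp(BACKUP_KEY, now)
    new_phone = totp("jbsw y3dp ehpk 3pxp", now)  # key re-typed from a paper backup
    print(old_phone == new_phone, verify(BACKUP_KEY, new_phone, now + 20))
```

Anyone who holds the backed-up key can generate valid codes, so the backup needs the same protection as the phone itself.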
carmenullery
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
December 24, 2016, 09:33:02 PM
 #139

honestly any good person who is involved in security wouldn't waste their time with this for indian tier money lol..
I know a bypass, but there is literally no point, tip it 10+ btc if you want results.

sorry, i don't get out of bed for less than 5 thousand dollars.
UGMZ
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
December 24, 2016, 10:29:38 PM
 #140

1.4 million passwords attempted to gain access to your site...

Looks secure to me!

Few issues I did find will be submitted via email for security reasons.

Ps when posting something online saying come hack us.. that in my eyes sends the wrong signals.

You should have done this via bug crowd don't be surprised if you find hackers poking about your server.. seems you don't even use cloudflare to hide the IP.. and with multiple servers and ports open.. expect some people to try other tactics as you boast about "how secure" you are..