Bitcoin Forum
July 17, 2019, 11:27:51 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: 2FA to Active on Bitcointalk Forum (Requested to Admin)  (Read 1481 times)
EpicFail
Member
**
Offline Offline

Activity: 94
Merit: 10


View Profile
August 24, 2017, 09:02:16 PM
 #21

Just bumping this in hopes something gets done soon.


We've been asking for this since around 2011 or 2012 when financial transactions started happening based on forum userids. Back then, the response was that it would be incorporated into the new forum software.
1563406071
Hero Member
*
Offline Offline

Posts: 1563406071

View Profile Personal Message (Offline)

Ignore
1563406071
Reply with quote  #2

1563406071
Report to moderator
1563406071
Hero Member
*
Offline Offline

Posts: 1563406071

View Profile Personal Message (Offline)

Ignore
1563406071
Reply with quote  #2

1563406071
Report to moderator
1563406071
Hero Member
*
Offline Offline

Posts: 1563406071

View Profile Personal Message (Offline)

Ignore
1563406071
Reply with quote  #2

1563406071
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1563406071
Hero Member
*
Offline Offline

Posts: 1563406071

View Profile Personal Message (Offline)

Ignore
1563406071
Reply with quote  #2

1563406071
Report to moderator
1563406071
Hero Member
*
Offline Offline

Posts: 1563406071

View Profile Personal Message (Offline)

Ignore
1563406071
Reply with quote  #2

1563406071
Report to moderator
1563406071
Hero Member
*
Offline Offline

Posts: 1563406071

View Profile Personal Message (Offline)

Ignore
1563406071
Reply with quote  #2

1563406071
Report to moderator
shield132
Hero Member
*****
Offline Offline

Activity: 1176
Merit: 541


In bit we sler, Bitsler


View Profile
August 24, 2017, 09:56:17 PM
 #22

Just bumping this in hopes something gets done soon.


We've been asking for this since around 2011 or 2012 when financial transactions started happening based on forum userids. Back then, the response was that it would be incorporated into the new forum software.
As it was said everything good will be included into new forum software but that new software isn't coming and as it seems we have to wait still much.
So adding 2fa will be good to avoid so much account hacks, imagine situation of Condoras when trusted person's account was hacked and condoras lost maybe 0.4btc (can't remember).  Adding 2fa can avoid many unwanted situation.
I agree, let's add 2fa.

Nalienn
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
August 24, 2017, 11:24:57 PM
 #23

Just bumping this in hopes something gets done soon.


We've been asking for this since around 2011 or 2012 when financial transactions started happening based on forum userids. Back then, the response was that it would be incorporated into the new forum software.
Well, if nothing happens this forum will just be replaced by something better in the future. The state this place is currently in is completely unacceptable. I've literally never seen or used any place with as atrociously awful security as this forum in my 20 years on the internet.
BitMaxz
Legendary
*
Online Online

Activity: 1498
Merit: 1206


Beware on fake trezor website from google ads.


View Profile WWW
August 24, 2017, 11:25:18 PM
 #24

Just bumping this in hopes something gets done soon.


We've been asking for this since around 2011 or 2012 when financial transactions started happening based on forum userids. Back then, the response was that it would be incorporated into the new forum software.
As it was said everything good will be included into new forum software but that new software isn't coming and as it seems we have to wait still much.
So adding 2fa will be good to avoid so much account hacks, imagine situation of Condoras when trusted person's account was hacked and condoras lost maybe 0.4btc (can't remember).  Adding 2fa can avoid many unwanted situation.
I agree, let's add 2fa.
That was good idea to add 2fa authentication but honestly its really hard for now to access this forum and i am having issue when logging in with my account with google captcha that is why right now i just save the cookies and cache of my browser and never deleted so if this will be happen hope the google captcha can be removed and changed back to the old captcha so that i can login without having problem about my javascript  or google captcha..

Vod
Legendary
*
Offline Offline

Activity: 2814
Merit: 2270


Licking my boob since 1970


View Profile WWW
August 25, 2017, 12:21:15 AM
 #25

Literally everything uses 2FA these days

Not true.  My coffee maker doesn't.

I'm into creating universes, smiting people, writing holy books and listening to Prayer Messages (PMs).
BitcoinTalk Public Information Project (BPIP)  - BPIP Reports
"Masturbation makes you feel good but doesn't do anything for the person you're thinking of.  Just like prayer."
groko271
Hero Member
*****
Offline Offline

Activity: 785
Merit: 505



View Profile
August 25, 2017, 02:56:59 AM
Last edit: August 25, 2017, 08:37:24 AM by groko271
 #26

2fa should have been implemented immediately after the last social engineering hack-job was done on the forum.

X
Nalienn
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
August 26, 2017, 03:24:10 AM
 #27

Literally everything uses 2FA these days

Not true.  My coffee maker doesn't.
I guess you're one of the few remaining WW2 Veterans? Coffee makers without 2FA haven't been made in decades.
Oo ako to
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
August 28, 2017, 07:19:24 AM
 #28

I agree. Legendary accounts are very precious in this forum so if I have been promoted in that rank then I will be very worried about it getting hacked. I hope they do that next year.
chencho777
Member
**
Offline Offline

Activity: 101
Merit: 10


View Profile
October 11, 2017, 07:28:30 PM
 #29

I lost my Sr.Member account today because someone hacked it and I didn't notice the hacker changed my email and password (I think I should have got a warning email or something like that).

Seems this is a must have feature, most hacks could be avoided thanks to 2FA. Admins please, take it into account!
Coiner_
Full Member
***
Offline Offline

Activity: 266
Merit: 102


View Profile
October 12, 2017, 03:32:42 PM
 #30

I lost my Sr.Member account today because someone hacked it and I didn't notice the hacker changed my email and password (I think I should have got a warning email or something like that).

Seems this is a must have feature, most hacks could be avoided thanks to 2FA. Admins please, take it into account!


AFAIK it's a planned feature for the new/updated/replacement forum at beta.bitcointalk.org. Of course that doesn't solve the issue here and if that replacement never comes out of beta, but, at least they're taking it into account.
chencho777
Member
**
Offline Offline

Activity: 101
Merit: 10


View Profile
October 12, 2017, 09:58:08 PM
 #31

I lost my Sr.Member account today because someone hacked it and I didn't notice the hacker changed my email and password (I think I should have got a warning email or something like that).

Seems this is a must have feature, most hacks could be avoided thanks to 2FA. Admins please, take it into account!


AFAIK it's a planned feature for the new/updated/replacement forum at beta.bitcointalk.org. Of course that doesn't solve the issue here and if that replacement never comes out of beta, but, at least they're taking it into account.
I didn't know.  That's definitely good news.  Thank you so much for the update.
Intel 4004
Member
**
Offline Offline

Activity: 98
Merit: 10

Nimium ne crede colori


View Profile WWW
October 12, 2017, 10:25:07 PM
 #32

I lost my Sr.Member account today because someone hacked it and I didn't notice the hacker changed my email and password (I think I should have got a warning email or something like that).

Seems this is a must have feature, most hacks could be avoided thanks to 2FA. Admins please, take it into account!


AFAIK it's a planned feature for the new/updated/replacement forum at beta.bitcointalk.org. Of course that doesn't solve the issue here and if that replacement never comes out of beta, but, at least they're taking it into account.

That's a really good news! I advise you to activate 2FA for every account you have. It's already a standard of security in the digital world and in the next months/years adoption will grow.
PS: I personally advise you "Authy" as 2FA app; but the best 2FA is FIDO U2F/Security Keys.

Babebottle
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
October 13, 2017, 02:41:23 PM
 #33

I vote for  Google Authentication , this is really easy to use, and much safer.
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 581
Merit: 502



View Profile
October 28, 2017, 06:51:04 PM
Last edit: October 28, 2017, 10:49:27 PM by Coin-Keeper
 #34

I vote for  Google Authentication , this is really easy to use, and much safer.

Nothing is as safe as a physical key because ALL smartphone authenticator programs can be phished or worse.  Reminding you guys that security is what I do.  I have Yubikey with NFC (there are a few others around too) which is REAL U2F, and its beyond being compromised unless the stick is in your hands.  For some reading along here, but yet not familiar with U2F let me draw a parallel to the Trezors many of us use.  The software apps (like Electrum for instance) are somewhat secure.  However the software is susceptible if "cooties" are on the smartphone and things entered are being captured or re-directed.  Just like the Trezor for BTC permanently hides the keys needed to move coins, the physical U2F element never discloses its credentials to any malware infested device.  The workings are the same as a hardware wallet in that way, and they will always be a more secure process when an online device is used and especially in the hands of newbie's.

Recovery from a lost 2FA in this case is very easy for me.  I keep a spare already made up. Now if I lose, break, etc... a U2F stick I go and get my spare and immediately have access.  A lost stick means absolutely nothing unless the person holding it knows the username and password (factor one) because everything inside is encrypted to a key and cannot be opened and acquired.  So in my case there is NO person I know that has knowledge I am Coin-Keeper or that I come here.  A sign in here would NEVER happen if I were to hand the Yubi directly to the best hacker out there, because it does not link to any activity it authenticates.

For those with only one U2F key, the recovery is also super easy.  Google, Microsoft, etc.... allow you to print out recovery codes, which are lengthy and unique to use for account recovery if you lose any or all the other credentials.  Just like for those here that lose access to their accounts, if you have the recovery process prepared for in advance its a snap to get back in.  I keep several very important accounts recovery backup codes in a safe so I never have to worry about loss of a device.

If Theymos ever decides to implement U2F the process of generating recovery codes for accounts is beyond easy.  Then Theymos can forget all those I am locked out threads.  The new process could be print out your recovery codes in advance and keep them safe.  If you lose your recovery codes you lose your account.  We should be adults here.  With U2F there won't be account hacks though without serious operator errors involved.  My two cents!

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
nahtnam
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


nahtnam.com


View Profile WWW
October 28, 2017, 10:02:22 PM
 #35

Slightly unrelated, but instead of using Google Authenticator and what not, wouldn't it be cool to have an option to sign a bitcoin address that is pre-defined as 2fa?

Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 581
Merit: 502



View Profile
October 28, 2017, 11:06:02 PM
 #36

Slightly unrelated, but instead of using Google Authenticator and what not, wouldn't it be cool to have an option to sign a bitcoin address that is pre-defined as 2fa?

Two things about that:

1. Time:  with true U2F I simply touch a pad on my chip (USB A inserted in a laptop), or tap the Yubi on the back of my Android using NFC and I am in.  The second factor is virtually instant!  Computers and phones never see the keys even if infested!

2.  I will never keep my private keys on an online computer.  Never.  To sign my staked address I have to go to a cold computer because that is where the private keys are stored.

ps - side comments:  U2F is going to grow and become the standard for tons of sites anyway.  That means that serious security seekers are going to own a secure element U2F chip anyway.  Because of how the protocol operates there is no limit for how many sites you can secure using this one U2F element.  It would take me pages here to layout how this works but there are links everywhere online.  For users its "point and click" easy, and recovery codes in advance make account recovery routine!

pss - bank example:  should be the same here when U2F is implemented.  When I am logged into my bank and want to change my email or password I am stopped until I do a U2F verification.  How nice would that be here?  Nobody could mess with someone's account unless they physically held the needed U2F element OR they had the recovery codes.  No exceptions!

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
nahtnam
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


nahtnam.com


View Profile WWW
October 29, 2017, 01:33:53 AM
 #37

Slightly unrelated, but instead of using Google Authenticator and what not, wouldn't it be cool to have an option to sign a bitcoin address that is pre-defined as 2fa?

Two things about that:

1. Time:  with true U2F I simply touch a pad on my chip (USB A inserted in a laptop), or tap the Yubi on the back of my Android using NFC and I am in.  The second factor is virtually instant!  Computers and phones never see the keys even if infested!

2.  I will never keep my private keys on an online computer.  Never.  To sign my staked address I have to go to a cold computer because that is where the private keys are stored.

ps - side comments:  U2F is going to grow and become the standard for tons of sites anyway.  That means that serious security seekers are going to own a secure element U2F chip anyway.  Because of how the protocol operates there is no limit for how many sites you can secure using this one U2F element.  It would take me pages here to layout how this works but there are links everywhere online.  For users its "point and click" easy, and recovery codes in advance make account recovery routine!

pss - bank example:  should be the same here when U2F is implemented.  When I am logged into my bank and want to change my email or password I am stopped until I do a U2F verification.  How nice would that be here?  Nobody could mess with someone's account unless they physically held the needed U2F element OR they had the recovery codes.  No exceptions!

I agree that normal 2fa would be generally faster and more reliable, but it would still be nice to have that option. You should be able to pic. I have no problem storing my coins on my laptop, so I can sign messages on the fly.

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!