Bitcoin Forum
December 11, 2016, 02:17:19 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Forum should use secure https:// logins  (Read 475 times)
coinage
Member
**
Offline Offline

Activity: 60


View Profile
June 23, 2011, 09:29:23 PM
 #1

I've enjoyed reading hundreds of posts here in recent months.  Now with the bitcoin security mess I realize I have important contributions to make, so I registered to post.

To start off right I registered with a long, complex password with all 4 character groups (lowercase, uppercase, numbers, symbols), which will be unique for this site.

Then I logged in ... under plaintext http: .

Huh?

It's time to for all bitcoin-related sites to lock down their username/password registrations, logins, and password change pages, because we have seen more than anything else in my recent memory how aggressively people will collect user credentials on one site (MtGox) to try using them on other sites (MyBitcoin/Gmail/Tradehill/etc.) when money gathering is a motivating factor.

It's also time for anyone who registered here ages ago to consider whether they've reused their passwords elsewhere.


(There's probably no clear need for all pages on non-financial sites like this one to be run under SSL while logged in, since the overhead could be an issue.  But at least logins!)
1481465839
Hero Member
*
Offline Offline

Posts: 1481465839

View Profile Personal Message (Offline)

Ignore
1481465839
Reply with quote  #2

1481465839
Report to moderator
1481465839
Hero Member
*
Offline Offline

Posts: 1481465839

View Profile Personal Message (Offline)

Ignore
1481465839
Reply with quote  #2

1481465839
Report to moderator
1481465839
Hero Member
*
Offline Offline

Posts: 1481465839

View Profile Personal Message (Offline)

Ignore
1481465839
Reply with quote  #2

1481465839
Report to moderator
Make sure you back up your wallet regularly! With Bitcoin-Qt, it needs to be backed up at least as often as every 100 transactions (both sends and receipts) or new addresses.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481465839
Hero Member
*
Offline Offline

Posts: 1481465839

View Profile Personal Message (Offline)

Ignore
1481465839
Reply with quote  #2

1481465839
Report to moderator
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
June 23, 2011, 09:44:17 PM
 #2


(There's probably no clear need for all pages on non-financial sites like this one to be run under SSL while logged in, since the overhead could be an issue.  But at least logins!)

Honestly, I see very little point in encrypting login pages if you immediately switch to insecure access. Sure, someone can't get the password, but they don't need it.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
unbanned
Newbie
*
Offline Offline

Activity: 7


View Profile
June 23, 2011, 10:28:44 PM
 #3

+ after all that has happened you shouldn't even be using the same email address across bitcoin related sites

passwords should all be different all the time anyway, if someone doesnt do this kind of basic security its not the fault of the forum
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!