theymos (OP)
Administrator
Legendary
Offline
Activity: 5334
Merit: 13300
|
|
October 18, 2017, 02:47:10 AM |
|
I added email notifications for some security events:
Whenever your password is changed (except by an administrator), you will get an email about it.
Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.
Let me know if you find any bugs.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Dorkie
Member
Offline
Activity: 420
Merit: 13
|
|
October 18, 2017, 03:09:52 AM Last edit: October 18, 2017, 03:28:06 AM by Dorkie |
|
You should have implemented this long ago.
Too bad for me, you implement this only after my account got hacked. My hacked Dorky account underwent both password and email change less than 14 days ago. And the last time I check my old email inbox, I don't see any notification there. I suppose it is now 100% gone.
Update: So I received notification to this "Dorkie" But I received no notification to "Dorky" when I try to recover password for this username. The old email address used by "Dorky" is the same as I used it with this account.
Update #2: Pissed that my Dorky account lost to this. Nevertheless let's hope this added security notification will help to significantly reduce (if not totally eliminate) all account hacking. It may not be able to save my "Dorky", but at least it may save many other accounts from now onward.
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
October 18, 2017, 11:31:13 AM |
|
Whenever your password is changed (except by an administrator), you will get an email about it.
Verified , no problem, email received if password is changed. +logout +login to test changed password = no problem. +forgot password link +email received to reset password +change password = no problem.
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
October 18, 2017, 11:54:19 AM |
|
Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.
Verified, no problem. email with LOCK command work great for my temporary account already banned after the successful recovery.
|
|
|
|
Globb0
Legendary
Offline
Activity: 2688
Merit: 2053
Free spirit
|
|
October 18, 2017, 12:27:56 PM |
|
Thanks Theymos this great news since we seem to be under attack a lot.
|
|
|
|
kakawin
|
|
October 18, 2017, 12:31:26 PM |
|
Great thing to improve security! I hope there won't be so much hacks now. Thanks for your work!
P.S. I've just tried it. No bugs have been spotted.
|
|
|
|
_javier_
Member
Offline
Activity: 444
Merit: 31
Still a manic miner
|
|
October 18, 2017, 02:48:06 PM |
|
i wish this was applied some days ago.. my hero account was stolen, it was "_javi_" i pm´ed theymos but no response yet. I cant sign a msg cause i didnt have a linked btc address. But i have a huge list of emails for the PM i got since 2014.. doesnt it prove ownership?? if you look at _javi_ latest post, its SO obvious that it was stolen.. or i learned to write in a weird language i cant even recognize.. changed my email.. and changed avatar for "eidoo whatsoever" (get ready for the scam) https://bitcointalk.org/index.php?action=profile;u=144120;sa=showPosts(my last post was October 13, 2017, 04:52:58 PM) theymos, Cyrus.. if you still read this thread.. plz take a look at my case.
|
19kt6um75kGg3qKZgui5vucztiGxUpKad5
|
|
|
AmXProX
|
|
October 18, 2017, 03:10:07 PM |
|
This is a great addition to the security features of our accounts.
It will also prevent or at least lessen the number of members selling their bitcointalk account.
|
|
|
|
maeusi
|
|
October 18, 2017, 03:32:12 PM Last edit: October 18, 2017, 03:48:03 PM by maeusi |
|
Many thanks, theymos, for this new security feature. It is also good, that for changing email address no confirmation but locking link will be sent, because for some reasons it could be, that email is lost or a change for other reasons necessary.
|
|
|
|
jojo69
Legendary
Offline
Activity: 3290
Merit: 4534
diamond-handed zealot
|
|
October 18, 2017, 03:44:00 PM |
|
thanks theymos
|
This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable. Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
|
|
|
chencho777
Member
Offline
Activity: 99
Merit: 10
|
|
October 18, 2017, 04:07:28 PM |
|
I added email notifications for some security events:
Whenever your password is changed (except by an administrator), you will get an email about it.
Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.
Let me know if you find any bugs.
Hooray! This was a MUCH needed feature. Hope I can recover my hacked account in the coming days... PS Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves? Thanks again!
|
|
|
|
maeusi
|
|
October 18, 2017, 04:12:25 PM |
|
I added email notifications for some security events:
Whenever your password is changed (except by an administrator), you will get an email about it.
Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.
Let me know if you find any bugs.
Hooray! This was a MUCH needed feature. Hope I can recover my hacked account in the coming days... PS Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves? Thanks again! That brings me a question in mind and I don't want to try out: What will happen, if I locked my account? Can I then reset the password via email or must admin unlock?
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
October 18, 2017, 04:19:44 PM |
|
admin must unlock. and hacker can not use the account (with the new email).
Ban and Lock is not the same feature. Ban invalidate the email, you can not use this email.
So, it's good ... Ip & email can be blacklist after.
|
|
|
|
maeusi
|
|
October 18, 2017, 04:35:11 PM |
|
admin must unlock. and hacker can not use the account (with the new email).
Ban and Lock is not the same feature. Ban invalidate the email, you can not use this email.
So, it's good ... Ip & email can be blacklist after.
So its still the same procedure (signed message) to get the account back (unlocked) with old email address?
|
|
|
|
Dorkie
Member
Offline
Activity: 420
Merit: 13
|
|
October 18, 2017, 04:41:21 PM |
|
Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves?
I tried that on my hacked account. No.
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2982
Merit: 2371
|
|
October 18, 2017, 05:29:22 PM |
|
your old email will get an email about it with a link to lock your account.
What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5334
Merit: 13300
|
|
October 18, 2017, 06:11:49 PM |
|
What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?
It's on the same level as other recovery requests. So don't do it lightly. But it's better than actually allowing your account to be/remain compromised. When you click an account-lock link, there's a paragraph explaining this.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
recovercryptotech
Newbie
Offline
Activity: 1
Merit: 0
|
|
October 18, 2017, 10:51:17 PM |
|
What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?
It's on the same level as other recovery requests. So don't do it lightly. But it's better than actually allowing your account to be/remain compromised. When you click an account-lock link, there's a paragraph explaining this. Hello theymos, I emailed you two days regarding my account being hacked. https://bitcointalk.org/index.php?action=profile;u=397698It looks that it was hacked on October 15th. You can see all the activity thats taken place since its been hacked. Random post on ICO threads, airdrops, speaking in Russian, etc. Also looks as if he has went and deleted alot of my post. You can see my main thread for TheCryptoChat here https://bitcointalk.org/index.php?topic=1574268.0You added this feature for the email today but can you make that work for an account that was just compromised a 3 days ago? I would really like to get my account back if at all possible as its been my account since 2014 and most know me by my username. If you check your email you should see an email from me on Oct. 16th the day I noticed my account was hacked. Hope to hear from you soon. Thanks.
|
|
|
|
TTITA
|
|
October 19, 2017, 02:34:58 AM |
|
Thank theymos,
is this email security features can request new password if we forgot it?
|
|
|
|
BCTBF
|
|
October 19, 2017, 06:10:02 AM |
|
Great work, I hope this feature will continue to exist to prevent and anticipate hacked accounts. Thanks theymos.
|
|
|
|
|