Email security notifications

[coin163]

Thank you for improved security

[chencho777]

This will surely discourage most account hacking attempts, if most people are able to lock their account after a suspicious password/email change. It will probably lower the workload of Admins regarding this problem as well.

It would also be great if the recovery process would be automated somehow. As an example, being able to trigger a password reset from that same security email. Or enable a form to submit a link to a posted bitcoin address and a signed message with that address, which can be automatically verified so that the Admins don't have to do it manually.

Thanks again.

[TheRealAwesome31312]

I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.

Post edited. I thought there was a bug, but alas, looks like I never got the email notification when the email was changed. Now some douchebag who can't even speak English is making money spamming the forum using my identity.

[Bitfort]

About time  ...hope this can reduce amount of hacked accounts.

[audaciousbeing]

This is something to be happy about as this increase the amount of security to the account. However, my question is that, if someone for example attempted to hack the account, I get a notification in my email which I took action on, how do I claim my account back? That part is not clear in any of the posts earlier. Also, is there a way for the source of the message to be made public so that I know before hand where the address I should receive a message from in case there is an attack, this is important not to fall for phishing mails and not to willingly give the access thinking one is denying such.

[azril fauzan]

"Sorry abdillahzidan, you are not allowed to post or send private messages in this forum.
You have been banned by forum moderators. You can appeal here: banappeals-w6pquw43@theymos.e4ward.com."There is a notification like that on my old account But up to now there has been no response at all despite sending a mail to that address. There is an odd crosshatch with that address , but hope I just want my account can be commented again and can send personal message as before-before nya.To consideration I will include link profile and activity link
link profile; https://bitcointalk.org/index.php?action=profile;u=1052912
https://bitcointalk.org/index.php?action=profile;u=1052912;sa=showPosts
Thank you for all

[TheRealAwesome31312]

Yeah, anybody with more than four brain cells knows that an email address should have something to do with account security. It shouldn't just serve as a label. Seriously

[actmyname]

However, my question is that, if someone for example attempted to hack the account, I get a notification in my email which I took action on, how do I claim my account back? That part is not clear in any of the posts earlier.

It's clear. If your password is changed, you receive an email notification. Thus, you can reset your password via email. If however the email is changed, then you have a link to lock your account and retrieve the account.What was unclear?

This covers all (2) scenarios when someone's account is hacked.

[gliridian]

Thanks for doing this Theymos. Maybe a lot of people will complain on why these security features were applied just now. But monitoring and managing these huge community from different backgrounds to different parts of the world is really hard. So I really appreciate your hardwork here in bitcointalk and for providing us a more secure venue. I know you're doing all your best to make everything here work smoothly.

[AndroMerlin]

how to do this at my end?

[LTU_btc]

I noticed this news only now. It's great, I hope it will help to reduce number of hacked accounts. From what I saw, amount of hacked accounts big in recent months. Important thing - don't use same password on Bitcointalk and email
P.S. As I understand, administrator (theymos and Cyrus) have ability to change user email address? Why they may need to it?

[Globb0]

I noticed this news only now. It's great, I hope it will help to reduce number of hacked accounts. From what I saw, amount of hacked accounts big in recent months. Important thing - don't use same password on Bitcointalk and email
P.S. As I understand, administrator (theymos and Cyrus) have ability to change user email address? Why they may need to it?

For an example. What if some one loses their password but no longer has use of that old inbox to reset the password. But luckily they can prove they can sign a message from an associated BTC address.  "I am Darren at BCT Forum-07860986060869#"

There must be a mechanism for an Admin to achieve such changes. When they deem appropriate, admin is a responsible role.

[maeusi]

Please move this thread on top of Meta section.

[Awan Awan]

Thank theymos,

is this email security features can request new password if we forgot it?

Yes. Just set forgit password and enter your username or email then email notification sent to your email.

[mrsalve01]

This is good security measure but is it working?

My account https://bitcointalk.org/index.php?action=profile;u=400666 got hacked 14'th of Nov. Email changed and then password.

I got in to it quickly in minutes after it was done. Clicked a link and thought thief can't use account any more.
Checking now my account activity I notice someone has been it on it today cus it showing last activity Last Active:
November 22, 2017, 03:12:06 AM???


Btw Cyrus or theymos if you find time I would like to get my account back. I sent PM's to you with proof that I'm a original email holder and then other one with signed message.

[Sefatih]

theymos

Sorry Guest, you are banned from using this forum!
For security, your account has been locked. Email acctcomp15@theymos.e4ward.com

-----BEGIN BITCOIN SIGNED MESSAGE-----
My account <Afandoras> has been hacked/lost. Please reset the email to <f.akyuzz@hotmail.com>. The current date is <01.11.2017 /23.11.2017>.

Account locked . Nick Afandoras  . Helpp

[Cryptoshaft]

You should have implemented this long ago.

Too bad for me, you implement this only after my account got hacked.
My hacked Dorky account underwent both password and email change less than 14 days ago.
And the last time I check my old email inbox, I don't see any notification there.
I suppose it is now 100% gone.

Update:
So I received notification to this "Dorkie"
But I received no notification to "Dorky" when I try to recover password for this username.
The old email address used by "Dorky" is the same as I used it with this account.

Update #2:
Pissed that my Dorky account lost to this.
Nevertheless let's hope this added security notification will help to significantly reduce (if not totally eliminate) all account hacking.
It may not be able to save my "Dorky", but at least it may save many other accounts from now onward.

indeed.
i also lost my account prior to hack.
the email changed and last time i asked to mod, it's banned already.
i think they also should record 'first email registered' to verify account ownership manually

[krishnaverma]

OP, what happens after the account is unlocked by the admin ? What will be the email id in that account - earlier one or the one that hacker used?

[patron bounty]

Thanks theymos this is a good security features.
this is an effort to improve the security of our work system

[Cosette]

OP, what happens after the account is unlocked by the admin ?

OP is admin

What will be the email id in that account - earlier one or the one that hacker used?

Based on this sticky post on this section, you will ask signed message with your new email address.
https://bitcointalk.org/index.php?topic=497545.0