Bitcoin Forum
December 17, 2017, 10:10:08 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: poloniex account security  (Read 238 times)
ololo80
Jr. Member
*
Offline Offline

Activity: 40


View Profile
November 14, 2017, 07:43:35 PM
 #1

Hi,
I would like to know if i say my account login\password\2fa to another person (for example for trading), can i be sure that he will not be able to withdraw my founds without e-mail access?

It is possible to make direct withdrawal request without e-mail access/confirmation? I know that on polo e-mail confirmation is mandatory.
I know about illiquid tickers scheme, but i'm talk about direct withdrawal.
I would like to know if i'm missing some technical opportunity on the part of the exchange.
Also only me know support freshdesk login\password, if it matters.

I will be glad to any advice
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Alns
Sr. Member
****
Online Online

Activity: 280


★Jetwin.com★


View Profile
November 15, 2017, 10:13:24 PM
 #2

Poloniex is very safe, you are not going to be hacked in there if you enable your 2fa because it will mean that the hacker will have to pass through a lot of security to withdraw your funds, and if you dont have a considerable amount of money in there, you are not exposed to anything.
I have my 2fa, and everytime that there is a new withdrawal request, i get a new confirmation on my email, this makes me sure that i am never going to be hacked from there.
The only ones who can stole your coins are the ones from Polo, lol.


▄▄▄████████▄▄▄
▄▄███▀▀▀ ▄  ▄ ▀▀▀███▄▄
▄██▀▀ ▄▄████  ████▄▄ ▀▀██▄
▄██▀ ▄███████    ███████▄ ▀██▄
██▀ ▄████████▀    ▀████████▄ ▀██
██▀ ██████████      ██████████ ▀██
██▀ ██████████        ██████████ ▀██
▄██                                ██▄
██ ▄                              ▄ ██
██ ███▄                        ▄███ ██
██ ██████▄                  ▄██████ ██
██ ▀████████              ████████▀ ██
▀██ ███████                ███████ ██▀
██▄ █████▀                ▀█████ ▄██
██▄ ████        ▄▄        ████ ▄██
██▄ ▀█      ▄▄████▄▄      █▀ ▄██
██▄    ▄▄██████████▄▄    ▄██▀
▀██▄▄ ▀▀██████████▀▀ ▄▄██▀
▀▀███▄▄▄ ▀▀▀▀ ▄▄▄███▀▀
▀▀▀████████▀▀▀
 

    [    ]
Slow death
Hero Member
*****
Offline Offline

Activity: 672



View Profile
November 16, 2017, 07:56:36 PM
 #3

It is possible to make direct withdrawal request without e-mail access/confirmation?

No. In times I used polo as I remember whenever I made the withdrawal request I received the confirmation email and without the email I did not withdraw anything, so if you gave your account to someone to make a trade for you (which I do not recommend people do), this person would not make withdrawals.

Remember: do not trust anyone, you never know when a good person becomes a bad person and when an honest person becomes a thief and a liar




swogerino
Hero Member
*****
Offline Offline

Activity: 812



View Profile
November 16, 2017, 08:25:06 PM
 #4

Hi,
I would like to know if i say my account login\password\2fa to another person (for example for trading), can i be sure that he will not be able to withdraw my founds without e-mail access?

It is possible to make direct withdrawal request without e-mail access/confirmation? I know that on polo e-mail confirmation is mandatory.
I know about illiquid tickers scheme, but i'm talk about direct withdrawal.
I would like to know if i'm missing some technical opportunity on the part of the exchange.
Also only me know support freshdesk login\password, if it matters.

I will be glad to any advice

Yes you can be sure that any hacker cannot withdraw anything without your 2fa from google authenticator app from your phone and without knowing your password to your email account as every time you withdraw from polo you have to put the 2fa when withdrawing if enabled and after that you have to click a confirmation link sent to your email account.




                          ▄▄███████████████████▄▄
                      ██████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀██████
                  ██████                          ██████
               █████                                  █████
             █████                                      █████
           ████                                            ████
         ████                                                ████
       ████                                                    ████
      ████                                                      ████
     ████                                                        ████
    ████                                                          ████
   ████            ███████████████     ███████████████             ████
  ████             ▀ █████████████▌   ▄▀ █████████████▌             ████
 ▐███             ▄▄ ▐█████████████  ███ ▐█████████████              ███▌
 ████            ▐██▌ █████████████▌ ███▌ █████████████▌             ████
 ███             ████ ▐█████████████ ▐███ ▐█████████████              ███
▐███            ▐████▌ █████████████▌ ███▌ █████████████▌             ███▌
▐███            ██████ ▐█████████████ ▐███ ▐█████████████             ███▌
▐███           ▐██████▌ █████████████▌ ███▌ █████████████▌            ███▌
▐███           ████████ ▐█████████████ ▐███ ▐█████████████            ███▌
▐███          ▐████████▌ █████████████▌ ███▌ █████████████▌           ███▌
▐███          ██████████ ▐█████████████ ▐███ ▐█████████████           ███▌
▐███         ▐██████████▌ █████████████▌ ███▌ █████████████▌          ███▌
▐███         ████████████ ▐█████████████ ▐███ ▐█████████████          ███▌
 ███        ▐████████████  █████████████▌ ███  █████████████▌         ███
 ████       █████████████  ▐█████████████ ▐██▌ ▐█████████████        ████
 ▐███      ▐█████████████   █████████████▌ ██   █████████████▌       ███▌
  ████     █████████████▌   ▐█████████████      ▐█████████████      ████
   ████    █████████████     █████████████▌      █████████████▌    ████
    ████                                                          ████
     ████                                                        ████
      ████                                                      ████
       ████                                                   █████
         ████                                                ████
           ████                                            ████
             █████                                      █████
               █████                                  █████
                  ██████                          ██████
                      ██████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██████
                          ▀▀███████████████████▀▀
 
Monaize
|
 
|
 
 



 
countryfree
Legendary
*
Offline Offline

Activity: 1666

Your country may be your worst enemy


View Profile
November 16, 2017, 08:46:52 PM
 #5

Poloniex requires email confirmation before any withdrawal. So you're quite safe, but if I were you I would not share my account with anyone. I know I won't ever do that.
pixie85
Sr. Member
****
Online Online

Activity: 378


View Profile
November 16, 2017, 09:44:20 PM
 #6

Hi,
I would like to know if i say my account login\password\2fa to another person (for example for trading), can i be sure that he will not be able to withdraw my founds without e-mail access?

It is possible to make direct withdrawal request without e-mail access/confirmation? I know that on polo e-mail confirmation is mandatory.
I know about illiquid tickers scheme, but i'm talk about direct withdrawal.
I would like to know if i'm missing some technical opportunity on the part of the exchange.
Also only me know support freshdesk login\password, if it matters.

I will be glad to any advice

How would you tell your 2fa to someone? I mean you'd have to send them the code every time you request a withdrawal, which would defeat the purpose. I mean the code expires after some time so the thief would have to literally steal your phone (or just the sim card) before hacking into your account and requesting withdrawal. It's much harder to do than hacking an email.

mobnepal
Hero Member
*****
Offline Offline

Activity: 868


View Profile
November 17, 2017, 07:38:25 AM
 #7

Hi,
I would like to know if i say my account login\password\2fa to another person (for example for trading), can i be sure that he will not be able to withdraw my founds without e-mail access?
It is not safe but I think he can't move funds out of the exchange without email access. But he/she can make nasty moves if there will be misunderstanding between you two and you can easily loss so much or even all you have if he/she will Buy/Sell some shitcoins at ask and bid price which has high price spread like of 10%.

So I will never give access to my account to anyone even not to my brother or best friend.

deadsilent
Hero Member
*****
Offline Offline

Activity: 546



View Profile
November 17, 2017, 08:50:01 AM
 #8

Yes, i think it's safe enough. As long as you keep your email a secret. You'll be fine. The final approval for funds to withdraw is thru your email.
But if they have the access to your poloniex account. They can mess with your funds including your coins out there. It could cause you funds to be loss also. So that's not good. So better if you change your password to prevent others from accessing your account unless you want it to be accessed by someone that you gave your account details.

But i suggest, do not share any details of your account. That the smart thing to do. It's hard to trust someone when it comes to money.

bamboylee
Hero Member
*****
Offline Offline

Activity: 686



View Profile
November 17, 2017, 08:58:57 AM
 #9

How would you tell your 2fa to someone? I mean you'd have to send them the code every time you request a withdrawal, which would defeat the purpose. I mean the code expires after some time so the thief would have to literally steal your phone (or just the sim card) before hacking into your account and requesting withdrawal. It's much harder to do than hacking an email.

You can share your qr codes to a person and store it to his authenticator. Then he have a copy of your 2FA.


I think OP know the risk of sharing his accounts but I still will not recommend it to him. That is too much risk and the only protection he have left is his email which can be easily hacked or phished.

.▄▄▄▄▄▄▄      ▄▄▄▄▄▄       ▄▄▄▄▄      ▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄ 
░░░░░░░█    █░░░░░░▀▄   ▄▀░░░░░█    █░░░░░░░░░░░░░░
 ▀█░░░█▀      ▀█░░░░░█  ▄▀░░░░█▀      ▀█░░░█▀ ▀█░░░█▀
  █░░░█        █░░░░░░█ █░░░░░░█       █░░░█   █░░░█ 
  █░░░█    ▄▄  █░░░░░░░░░░░░█       █░░░█   █░░░█ 
  █░░░█   █░░█ █░░██░░░░░░██░░░█       █░░░█   █░░░█ 
 ▄█░░░▀▄▄▄▀░░█▄█░░█▄█░░░░█▄█░░░█▄     ▄█░░░█▄ ▄█░░░█▄
░░░░░░░░░░░░░░░░░░██░░██░░░░░░░█   █░░░░░░░░░░░░░░
 ▀▀▀▀▀▀▀▀▀▀▀▀ ▀▀▀▀▀▀  ▀▀  ▀▀▀▀▀▀▀     ▀▀▀▀▀▀▀ ▀▀▀▀▀▀▀

  Lordmancer II — MMO RPG where you can mine cryptocurrency 
    Pre ICO: 21.08.2017 WhitePaper ANN Bounty ICO: 07.11.2017
   Website ~ Telegram ~ FB ~ Reddit ~ Twitter
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!