Bitcoin Forum
December 18, 2017, 05:30:12 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: This forum needs mail interaction for extra safety...  (Read 106 times)
luicon2
Newbie
*
Offline Offline

Activity: 5


View Profile
November 23, 2017, 03:23:04 PM
 #1

i dont understand how anyone can change the password of an account without get asked for a mail link confirmation,

i just changed the password in another server and they do ask to click link in the mail for confirmation,

lot of hacks could have been avoided with just this extra measure, i am so pissed of a scummbag steal my account,

to lock the account it does send a confirmation to the mail however!, damn it,

such high volume of posts in this super big forum should return better security measures...
1513618212
Hero Member
*
Offline Offline

Posts: 1513618212

View Profile Personal Message (Offline)

Ignore
1513618212
Reply with quote  #2

1513618212
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513618212
Hero Member
*
Offline Offline

Posts: 1513618212

View Profile Personal Message (Offline)

Ignore
1513618212
Reply with quote  #2

1513618212
Report to moderator
1513618212
Hero Member
*
Offline Offline

Posts: 1513618212

View Profile Personal Message (Offline)

Ignore
1513618212
Reply with quote  #2

1513618212
Report to moderator
Welsh
Legendary
*
Offline Offline

Activity: 1078


ALU - Campaign Management, Escrow & Design!


View Profile
November 23, 2017, 04:04:36 PM
 #2

Could you refrain from posting multiple threads about the same subject? You need to recover the account via a signed message, if you haven't got an address in which you can do that then that's your own security mishap as this has been an accepted practice for a long time now.

            ▄▄▄█████████▄▄▄
        ▄▄███████████████████▄▄
      ▄████████████▀▀▀██████████▄
    ▄█████████████▄█  ▐███████████▄
   ████████▀▀██████▌  ██▀▀██████████▄
  ██████▀ ▄██▄  ███  ▐█▄▌  ███  ▐█████
 ██████  ████▌ ▐██▌  ███  ▐██▌  ███████
██████▌  ████  ███  ▐██▌  ███  ▐████████
██████▌  ██▀▌ ▐█▀█  █▀█  ▐█▀▀  █▀███████
████████▄▄▄█▄▄▄▄██▄▄▄██▄▄▄▄█▄▄▄▄████████
████████████████████████████████████████

████████████████████████████████████████
.TRUSTED ★ EXPERIENCED ★ READY.       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄███████████████▀▀▀█████▄
▄████████████▀▀     ██████▄
█████████▀▀   ▄▄▀   ███████
██████▄    ▄▄█▀    ████████
█████████▄██▀      ████████
▀██████████▄▄    ████████▀
 ▀████████▄█████▄████████▀
  ▀█████████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄████████▀▀█▀▀████████▄
 ▄██████▀▀▀  ▀  ▀████████▄
▄███████▄▄   ▄▄   ▀███████▄
██████████   ███   ████████
██████████        ▀████████
██████████   ███▌  ▐███████
▀███████▀▀   ▀▀▀  ▄███████▀
 ▀██████▄▄▄  ▄  ▄████████▀
  ▀████████▄▄█▄▄████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██▀                 ▀██▄
▄██▌ ▄▀█████████████▀▄ ▐██▄
███▌ ██▄ ▀███████▀ ▄██ ▐███
███▌ ████   ▀▀▀   ████ ▐███
███▌ ██▀▄▄██▄▄▄██▄▄▀██ ▐███
▀██▌ ▀▄█████████████▄▀ ▐██▀
 ▀██▄                 ▄██▀
  ▀█████████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
luicon2
Newbie
*
Offline Offline

Activity: 5


View Profile
November 23, 2017, 04:26:52 PM
 #3

Could you refrain from posting multiple threads about the same subject? You need to recover the account via a signed message, if you haven't got an address in which you can do that then that's your own security mishap as this has been an accepted practice for a long time now.

i just suggested some changes that might free from work the admins and increase the forum security

i find its no sense to just allow some one to recovery his account if he posted a bitcoin address he can sign,
you just find this is needed when you already losted your account,
you dont receive any mail about "ey remember tu put a bitcoin address somewhere just in case some one hack your account"

thats a no sense rule, i can prove over several ways impossible to fake, and the common sense, that i am the owner of the account, if the admin
just want allow a signed bitcoin address because he has not time to lose checking extra proves, then that pretty sad..

i had this problem for use a stupid password, my fault, in 5 years no problem any way, but some scumbag probably used a bot, start trying common password over random nicks in the forum and i got in.

even if i had a better password, that doesn't hide the poor security this forum has when changing password and mails,
if we increase the security with extra common sense steps, (mail link confirmation) the number of hacked accounts will drop, and the admin work will decrease too,

so thats why i opened this thread, to suggest changes that will make this forum better,

SureLockLoans
Sr. Member
****
Offline Offline

Activity: 295


Veritas Mining - Sustainable Crypto Mining


View Profile
November 23, 2017, 04:33:38 PM
 #4

PGP or signing an address is one of the best ways to recover anything and thats why PGP is used in proving you are who you say you are. Signing a bitcoin address is the same and it's why so many escrows sign an address that they control.


2FA authentication has been suggested too and will be part of the feature list of the new forum but I think thats using bitcoin addresses and signing too.

Veritas Mining

▄▄▄▄▄▄
  ████
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
  ████
▀▀▀▀▀▀
        Sustainable Crypto - Mining     
   ●Cost Efficient  ●Eco-Friendly  ●Profitable  ●Innovative   

▄▄▄▄▄▄
  ████
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
  ████
▀▀▀▀▀▀
■Facebook   ■ANN Thread      ■Linkedin 
■Twitter         ■Telegram          ■Slack
■Medium       ■Whitepaper    ■Reddit
luicon2
Newbie
*
Offline Offline

Activity: 5


View Profile
November 23, 2017, 04:43:20 PM
 #5

PGP or signing an address is one of the best ways to recover anything and thats why PGP is used in proving you are who you say you are. Signing a bitcoin address is the same and it's why so many escrows sign an address that they control.


2FA authentication has been suggested too and will be part of the feature list of the new forum but I think thats using bitcoin addresses and signing too.


i am sure its a nice way to prove it, but no message alerts you to post an address and save the private key since will be needed in case of receovery.
so what if you dont have any bitcoin address posted? i am pretty sure there are tons of people who never posted any address because they had no need to.

also neither change the fact security measures in the forum are very low, and you must wait months before the admin answers you in case of a hack,

the security on the forum and the recovery path is just out of any sense,

asking a signed message should rather be an extra last step, not the single one.

that an objective point of view,








Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!