Bitcoin Forum
Topic: Security Features
eckmar (OP)
December 14, 2017, 07:01:58 PM
 #1

Recently my account has been compromised and I know how painful the process of recovery is. My suggestion is adding some security features to the current board (I know a new one is in progress but it will be years before it is finished). What I mean exactly is this:

  • 2FA - Might be hard to implement on an old platform like SMF and it would take some time to test it since it would greatly impact the sign-in process
  • Email Approval - Simple and easy solution that would greatly reduce the number of hacked/stolen accounts. Most of the accounts that are stolen are just password changes, and the attacker does not have access to the owner's email address. A solution would be to simply send an email "click here if you want to change your password/email". This solution would require 20 minutes of coding from Theymos (maximum) and it would help admins with the account recovery load long term
 

Let me know what you guys think about these features that I think are needed.
Coin-Keeper
December 14, 2017, 11:49:56 PM
Last edit: December 15, 2017, 12:06:37 AM by Coin-Keeper
 #2

I understand what you are saying.  A "hack" comes from two ends.  If the site got hacked of course that is one thing.  However, if the hack(s) keep coming on the user's end there are many things that can fortify your defenses.  I am not asking for an adversary to come after me by any means, but using VMs and only Linux has kept me clean as a whistle against these hacks on all sites so far.  Still I have requested that Theymos consider U2F, which is the ultimate protection mechanism and it's not too tough to deploy.

I do like the idea of sending a LINK to the registered email account as a REQUIREMENT to change a password or email addy, as long as it would also require that you enter the CURRENT password correctly first.  Password would authorize the link to be sent.  This would protect against someone hacking your email and not knowing your btc login credentials.  Maybe paper code backups if both of those fail.  If you lose all three then tough shit your account is gone ---- grow up time!!

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
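
The flow discussed in the two posts above (the current password authorizes sending a link, and only the link from the registered mailbox applies the change), as an added example that is not part of the thread and not the forum's own code. The Accounts class, its method names, the one-hour lifetime and the sample account are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

TOKEN_TTL = 3600  # seconds a mailed link stays valid (assumed value)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Accounts:  # hypothetical in-memory store standing in for the forum database
    def __init__(self):
        self.users = {}    # name -> salt, pw_hash, email
        self.pending = {}  # name -> token_hash, new_salt, new_hash, expires

    def register(self, name, password, email):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "email": email,
                            "pw_hash": hash_password(password, salt)}

    def check_password(self, name, password):
        u = self.users.get(name)
        return u is not None and hmac.compare_digest(
            u["pw_hash"], hash_password(password, u["salt"]))

    def request_password_change(self, name, current_password, new_password, now):
        """Step 1: the current password authorizes sending the link."""
        if not self.check_password(name, current_password):
            return None
        token = secrets.token_urlsafe(32)
        salt = os.urandom(16)
        # Store only a hash of the token, so a database leak does not leak live links.
        self.pending[name] = {
            "token_hash": hashlib.sha256(token.encode()).digest(),
            "new_salt": salt, "new_hash": hash_password(new_password, salt),
            "expires": now + TOKEN_TTL}
        return token  # mailed to users[name]["email"], never shown in the web page

    def confirm_password_change(self, name, token, now):
        """Step 2: the link from the mailbox applies the change, once."""
        p = self.pending.get(name)
        if p is None or now > p["expires"]:
            self.pending.pop(name, None)  # drop expired requests
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(p["token_hash"], presented):
            return False
        self.users[name].update(salt=p["new_salt"], pw_hash=p["new_hash"])
        del self.pending[name]  # single use: the same link cannot be replayed
        return True
```

The old password keeps working until the mailed link is confirmed, so an attacker who holds only the password or only the mailbox cannot complete the change alone.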
eckmar (OP)
December 15, 2017, 01:50:38 PM
 #3

Quote from: Coin-Keeper
I understand what you are saying.  A "hack" comes from two ends.  If the site got hacked of course that is one thing.  However, if the hack(s) keep coming on the user's end there are many things that can fortify your defenses.  I am not asking for an adversary to come after me by any means, but using VMs and only Linux has kept me clean as a whistle against these hacks on all sites so far.  Still I have requested that Theymos consider U2F, which is the ultimate protection mechanism and it's not too tough to deploy.

I do like the idea of sending a LINK to the registered email account as a REQUIREMENT to change a password or email addy, as long as it would also require that you enter the CURRENT password correctly first.  Password would authorize the link to be sent.  This would protect against someone hacking your email and not knowing your btc login credentials.  Maybe paper code backups if both of those fail.  If you lose all three then tough shit your account is gone ---- grow up time!!

No matter how it happens, it can be prevented in most cases by adding simple email authorization. I don't see U2F being added soon because as of now only Chrome supports it and it's kinda complicated and not well documented for developers.