MCXNOW is NOT the most secure exchange

[FrigidWinter]

A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls

[TheRealSolid]

2FA is already there, I don't support emails as a second verification method but I do provide google auth. So the fact is mcxNOW does have 2 auth setup, some users don't use it. Not much can be done about this unfortunately.

As of the v2 update I have removed all user emails from the site and stopped requiring them to be entered on sign up. The reason is due to privacy, I feel with coming laws these "paper transactions" of activity at a crypto exchange may be used against people. I advise everyone who uses emails at exchanges to turn off email notifications and use a more secure 2nd auth device like Google Auth or yubikey, etc.

[iGotSpots]

A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls

People using the same name/password for every site is not RS's fault

[FrigidWinter]

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

[iGotSpots]

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

[FrigidWinter]

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts

[iGotSpots]

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts

You are correct in all of that. But why start a thread talking shit when you understand it wasn't his issue?

[FrigidWinter]

I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts

You are correct in all of that. But why start a thread talking shit when you understand it wasn't his issue?

Like i have stated multiple time. Its advertised as "the most secure" But yet it doesnt take the little extra step to protect its just above brain dead users that others exchanges do

Anyone worried about privacy knows how to use tor and create a Virtually untraceable email

[SuperTramp]

A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls

Last time I used Mt.Gox they did NOT have email verification for withdrawals.

[smoothie]

A simple feature that forces users of his site to use a relatively long and random password generated on his server's end would fix that user pass problem he is dealing with now (or so he claims).

[smoothie]

A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls

Last time I used Mt.Gox they did NOT have email verification for withdrawals.

This discussion of security doesnt stop at GOX.