Bitcoin Forum
October 20, 2019, 06:35:46 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Isn't it time to introduce 2FA to enhance user account security ?  (Read 175 times)
DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 644
Merit: 2775

There are lies, damned lies and statistics. MTwain


View Profile WWW
March 24, 2018, 11:48:25 AM
 #1

Going over the Meta section, I've seen 27 threads that are active during this past week alone related to accounts being hacked. That is a lot of live threads on this issue alone.

Shouldn't 2FA be enabled now?

It could be a voluntary feature to switch on, so that people with less access to mobiles from certain countries would not be affected by a mandatory feature which many not be that simple for them to activate.

Accounts are dearer now that merit system is in place. Many people put quite a bit of effort and time into posting better quality posts, and having that secured with 2FA only seems logical now.

1571596546
Hero Member
*
Offline Offline

Posts: 1571596546

View Profile Personal Message (Offline)

Ignore
1571596546
Reply with quote  #2

1571596546
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1571596546
Hero Member
*
Offline Offline

Posts: 1571596546

View Profile Personal Message (Offline)

Ignore
1571596546
Reply with quote  #2

1571596546
Report to moderator
1571596546
Hero Member
*
Offline Offline

Posts: 1571596546

View Profile Personal Message (Offline)

Ignore
1571596546
Reply with quote  #2

1571596546
Report to moderator
hilariousandco
Chopper Member
Global Moderator
Legendary
*
Offline Offline

Activity: 2156
Merit: 1667


https://bitcoin.watfordfc.com


View Profile WWW
March 24, 2018, 12:46:30 PM
 #2

2fa is enabled in essence because when someone tries to hack and take access of your account you can lock it via the link in the email you get if it wasn't you. The issue is is that most people complaining in Meta are waiting for their accounts to be restored to them by an admin which isn't really happening. Better 2fa options will be available on the new forum but the email lock is probably as good as we're going to get on this one.

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 644
Merit: 2775

There are lies, damned lies and statistics. MTwain


View Profile WWW
March 24, 2018, 01:17:15 PM
 #3

Thanks for your reply. Good to know that there is something in place to at least lock the account in the event of account password hack, although it lacks as you say of a hasty way or procedure to restore it back to it’s legit user in a very short timeframe.

Arian247
Member
**
Offline Offline

Activity: 476
Merit: 11

quarkchain.io


View Profile WWW
March 24, 2018, 03:42:38 PM
 #4

Apart from the email notification there is also another feature most people ignore which is also a secure way of guarding your account. The secret question which only you know the answer to although this I will not advise to those who forget easily, it's a sure way of making sure only you have access to your account

★ HELIOS PROTOCOL ★ ✅[DAG]✅[BLOCKCHAIN]✅[PoS]✅[Masternodes] ✈✈✈[weekly Airdrop][join our discord to qualify]✈✈✈
  ▂▃▅▆█ Website  |  Github  |  Bitcointalk  | Bounties  | Discord  |  telegram █▆▅▃▂
rapsaodan84
Full Member
***
Offline Offline

Activity: 218
Merit: 102


View Profile
March 24, 2018, 05:09:44 PM
 #5

2fa is enabled in essence because when someone tries to hack and take access of your account you can lock it via the link in the email you get if it wasn't you. The issue is is that most people complaining in Meta are waiting for their accounts to be restored to them by an admin which isn't really happening. Better 2fa options will be available on the new forum but the email lock is probably as good as we're going to get on this one.
when exactly is the email sent? what is defined as "tries to hack"? do you mean when the password is changed?
it's not really 2fa because if someone else has the password they can login with just that

I insist proper 2fa should be implemented. it seems simple https://bitcointalk.org/index.php?topic=2859085.0

someone said it could brake things (https://bitcointalk.org/index.php?topic=2859085.msg29944712#msg29944712) but I don't think that's very likely. at least it should be tried in a test version (I guess there's a private test version of this forum where things are tested before going live?)
Welsh
Staff
Legendary
*
Offline Offline

Activity: 1736
Merit: 1606



View Profile
March 24, 2018, 11:20:15 PM
 #6

2fa is enabled in essence because when someone tries to hack and take access of your account you can lock it via the link in the email you get if it wasn't you. The issue is is that most people complaining in Meta are waiting for their accounts to be restored to them by an admin which isn't really happening. Better 2fa options will be available on the new forum but the email lock is probably as good as we're going to get on this one.
when exactly is the email sent? what is defined as "tries to hack"? do you mean when the password is changed?
it's not really 2fa because if someone else has the password they can login with just that

I insist proper 2fa should be implemented. it seems simple https://bitcointalk.org/index.php?topic=2859085.0

someone said it could brake things (https://bitcointalk.org/index.php?topic=2859085.msg29944712#msg29944712) but I don't think that's very likely. at least it should be tried in a test version (I guess there's a private test version of this forum where things are tested before going live?)

Yes to my understanding it's as soon as any details changed including the password and email. I've yet to test this since this has been added but, you only have to look around and people have already posted what the message contains when it's sent to you and it's as easy as clicking that link within 15? days.

bobq
Sr. Member
****
Offline Offline

Activity: 1008
Merit: 304



View Profile
March 24, 2018, 11:26:26 PM
 #7

2FA would be more effective than email as a protection for the simple reason that an email can go unnoticed, for a number of reasons: people who receive too many emails and it gets lost there, people who use for BCT a secondary email they don't check often, emails which end up somehow in the spam folder, etc.

Welsh
Staff
Legendary
*
Offline Offline

Activity: 1736
Merit: 1606



View Profile
March 24, 2018, 11:33:42 PM
 #8

2FA would be more effective than email as a protection for the simple reason that an email can go unnoticed, for a number of reasons: people who receive too many emails and it gets lost there, people who use for BCT a secondary email they don't check often, emails which end up somehow in the spam folder, etc.

I'm not familiar with SMF too much, but I would imagine it's difficult to implement a 2 factor authentication on top of the current software. It's already been stated it's going to be available in the new forum so at the moment we are just going to have to wait.  Depending on what options we are talking about it would be nice if we could see a Bitcoin address verification used for 2fa but, again probably easier to just implemented on the new forum that the current software.

Ondisbelle
Newbie
*
Offline Offline

Activity: 95
Merit: 0


View Profile
July 15, 2018, 06:28:11 PM
 #9

Is Secret question not save enough to protect our account?
I see this text

Quote
Secret Question:
To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.

But I think this is save enough for me, because sometimes  there is one thing that only known by me
1miau
Hero Member
*****
Online Online

Activity: 518
Merit: 1414


ChipMixer Miau


View Profile WWW
July 15, 2018, 06:32:17 PM
Last edit: July 15, 2018, 08:49:33 PM by 1miau
 #10

Is Secret question not save enough to protect our account?
I see this text

Quote
Secret Question:
To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.

But I think this is save enough for me, because sometimes  there is one thing that only known by me
Remember the secret question is not only a way for yourself to reset your password: it's also another way for hackers to get access on your account, besides your normal password.  

Thirdspace
Hero Member
*****
Offline Offline

Activity: 1134
Merit: 719


Mixing reinvented for your privacy | chipmixer.com


View Profile
July 15, 2018, 10:50:28 PM
 #11

2fa is enabled in essence because when someone tries to hack and take access of your account you can lock it via the link in the email you get if it wasn't you. The issue is is that most people complaining in Meta are waiting for their accounts to be restored to them by an admin which isn't really happening. Better 2fa options will be available on the new forum but the email lock is probably as good as we're going to get on this one.
why not also add email confirmation (to old email address) when a user changes his email address?
wouldn't that prevent hackers from easily changing email address to take over an account?
this way, admins will be needed only if the user lost access to both forum accounts and email address
would this be available on the new forum?

Piggy
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1385



View Profile WWW
July 16, 2018, 04:57:37 AM
 #12

2fa is enabled in essence because when someone tries to hack and take access of your account you can lock it via the link in the email you get if it wasn't you. The issue is is that most people complaining in Meta are waiting for their accounts to be restored to them by an admin which isn't really happening. Better 2fa options will be available on the new forum but the email lock is probably as good as we're going to get on this one.
why not also add email confirmation (to old email address) when a user changes his email address?
wouldn't that prevent hackers from easily changing email address to take over an account?
this way, admins will be needed only if the user lost access to both forum accounts and email address
would this be available on the new forum?

Mail confirmation is quite a common practice nowadays, i would be quite surprised if it will not be there. Beside if the 2fa is going to be in the new forum you would need some confirmation for it as well.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!