My idea for automation in recovering stolen accounts

[alegotardo]

I've been thinking of an automated way to recover stolen accounts...
And i thought of a simple solution to be implemmented.

The user signs a message only with his nickname (the same as the forum) and fills two fields in the forum: wallet and signature.

The system checks the message based on the entered wallet and nickname of the account and verifies if it checks with the informed signature.

When that user needs to retrieve your account, he accesses a specific link, for example: https://bitcointalk.org/recovery.php
The forum informs a random word and requests the nickname and signature.
The user signs a new message with the word informed and pastes the signature into the forum.
The forum verifies the signature by searching for the wallet stored in the system, corresponding to the nickname informed. If everything is okay, ask for new password and email for the account in question.

All very simple for the user, easy to implement, automated and secure.
Why not?

Sorry for my english

[1714946399]

1714946399

[1714946399]

1714946399

[mdayonliner]

What if you are not using a valid email address? The forum does not have an email verification feature.

I had a different proposal to automate the same thing. Click here. I have seen similar proposal from another user too. I guess theymos has his own idea, may be he does not want this to be automated or may be he is looking for a better solution.

I heard they are working on new forum software so hopefully we will be seeing a solution for this in the new software.

[alegotardo]

What if you are not using a valid email address? The forum does not have an email verification feature.

Regardless of whether your email is valid or not, you only need the private key of your wallet to reset the password and also the email address of your account.

I had a different proposal to automate the same thing. Click here. I have seen similar proposal from another user too. I guess theymos has his own idea, may be he does not want this to be automated or may be he is looking for a better solution.

In fact it should have, but what is the idea and when will it be implemented?
Daily, numerous users suffer from slow recovery of their accounts

I heard they are working on new forum software so hopefully we will be seeing a solution for this in the new software.

Sincerely,
I already believe more in Santa Claus than in the new forum.

My idea is good.
See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.

[digaran]

Sold accounts not stolen, people should stop selling accounts. you want automate the process to farm and sell accounts industrially and then scam people.

[antifraud01]

Leave your bitcoin address and signature, this method is still available, but the efficiency of recovery is very low.

[LoyceV]

All very simple for the user, easy to implement, automated and secure.
Why not?

People have their Bitcoins stolen all the time. If someone can't keep a forum password secure, chances are he'll lose other data too. Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

I've never seen any other forum where so many users lose access to their account. It's your own responsibility to keep your computer secure, Admins are already overloaded in work, and I don't think they want to add more features to the forum just for people who can't keep their password secure. Account recovery doesn't have a high priority.

[alegotardo]

Sold accounts not stolen, people should stop selling accounts. you want automate the process to farm and sell accounts industrially and then scam people.

I agree with you, I didn't think that way.
But, don't accuse me of practicing it (I hope it was not your intention).
In any case, if a person buys a bitcointalk account, she needs to f##k herself.

I think this would reduce reduce the sales if the administrator blocks the change of a wallet signature set in the profile.
Whoever buys an account knows that seller can recovery it.

Leave your bitcoin address and signature, this method is still available, but the efficiency of recovery is very low.

I've done this and everyone should do it, the problem lies in the fact that recovery is slow (sometimes impossible).
Apart from the time and hassle that managers spend on recoveries.

People have their Bitcoins stolen all the time. If someone can't keep a forum password secure, chances are he'll lose other data too. Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

I've never seen any other forum where so many users lose access to their account. It's your own responsibility to keep your computer secure, Admins are already overloaded in work, and I don't think they want to add more features to the forum just for people who can't keep their password secure. Account recovery doesn't have a high priority.

It's true, the user will never stop being a user, susceptible to hacking, pishing and viruses. It's unfortunate and I agree with you.
And if he is dumb to give even your wallet private key, then he doesn't deserve to have a recovered account.

About the time of admins, I still think they spend much more time recovering these stolen/sold accounts than they would lose if they were to implement this feature.



Anyway...
My idea was to discuss the technical feasibility of a simple feature, but it seems that everyone thinks that the user does not matter, even if the cost is minimal.

Sorry again for my english and excuse my stubbornness

[mdayonliner]

Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

You know what I think of the reasons for all these account hack and stuffs? Most probably it's for that (.to) phishing site. How come these people do not see that it's not .org it's .to


Click here if unable to see image

Please people, wake up!!!

[LoyceV]

You know what I think of the reasons for all these account hack and stuffs? Most probably it's for that (.to) phishing site. How come these people do not see that it's not .org it's .to

I fell for it, until I realized I wasn't logged in. The main problem is that Google shows many links to the phishing site, instead of banning them.
I don't normally look at tiny details in the top-bar when I'm just reading websites.

I have added this line to /etc/hosts

Code:

127.0.0.1       bitcointalk.to

Now my computer can't access that phishing site anymore.

Now it looks like this:

[Thirdspace]

All very simple for the user, easy to implement, automated and secure.
Why not?

as I said before in another thread, I believe theymos doesn't want automation on account recovery
he needs to review case by case and determine if account recovery should be granted

See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.

sometimes for certain things automated process is bad and vulnerable to abuse
and doing it manually can discover something that an automated process cannot apprehend

[alegotardo]

All very simple for the user, easy to implement, automated and secure.
Why not?

as I said before in another thread, I believe theymos doesn't want automation on account recovery
he needs to review case by case and determine if account recovery should be granted

See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.

sometimes for certain things automated process is bad and vulnerable to abuse
and doing it manually can discover something that an automated process cannot apprehend

We'll find a middle ground then...

First, the user do it the process automated (described in the first topic), and this triggers an alert for the theymos to will check the request.

So, Theimos isn't wasting time with fake requests and can still analyze if it recovers or not the account, based on its criteria.