Bitcoin Forum
November 17, 2019, 09:57:43 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: 1 2 [All]
  Print  
Author Topic: When will the account recovery problem be solved?  (Read 358 times)
cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1211


View Profile
June 22, 2018, 11:42:19 AM
Merited by LoyceV (1)
 #1

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

We are not talking obvious spammers, but legit posters getting their account hacked, signing various BTC addresses and never getting a reply back. I think this is unfair and a bigger problem than some 3rd worlders spamming on 100+ page threads. Some legit users just can't get their accounts back, they lose their PM history and other valuable stuff.

I wonder when will the account recovery methods be improved. Probably hiring new staff to do the task should do.
1573984663
Hero Member
*
Offline Offline

Posts: 1573984663

View Profile Personal Message (Offline)

Ignore
1573984663
Reply with quote  #2

1573984663
Report to moderator
1573984663
Hero Member
*
Offline Offline

Posts: 1573984663

View Profile Personal Message (Offline)

Ignore
1573984663
Reply with quote  #2

1573984663
Report to moderator
1573984663
Hero Member
*
Offline Offline

Posts: 1573984663

View Profile Personal Message (Offline)

Ignore
1573984663
Reply with quote  #2

1573984663
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
mdayonliner
Sr. Member
****
Offline Offline

Activity: 490
Merit: 364


I always respected forum rules even private ones


View Profile WWW
June 22, 2018, 11:51:02 AM
 #2

We are not talking obvious spammers, but legit posters getting their account hacked, signing various BTC addresses and never getting a reply back. I think this is unfair and a bigger problem than some 3rd worlders spamming on 100+ page threads. Some legit users just can't get their accounts back, they lose their PM history and other valuable stuff.

I wonder when will the account recovery methods be improved. Probably hiring new staff to do the task should do.
Does it scare you when you think if your account gets hacked or anything happen and then you wait weeks after weeks or months after months without any result to get your account back?

It does scare me a lot, because I am addicted to this forum.  Embarrassed

I could not stand the lies against me anymore. I can not prove them wrong too. It's better I live in peace.
So, I am willingly locking mdayonliner. Thank you BitcoinTalk. Be addictive, be a Bitcoiner.
bitmover
Hero Member
*****
Offline Offline

Activity: 658
Merit: 1110



View Profile
June 22, 2018, 11:57:04 AM
 #3

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

We are not talking obvious spammers, but legit posters getting their account hacked, signing various BTC addresses and never getting a reply back. I think this is unfair and a bigger problem than some 3rd worlders spamming on 100+ page threads. Some legit users just can't get their accounts back, they lose their PM history and other valuable stuff.

I wonder when will the account recovery methods be improved. Probably hiring new staff to do the task should do.

Yeah, this is very important as they are legit users. Most of them with quoted signed messages... I see some of them are having their account back, but it takes too long.

I think people look at those post where people ask for help and most users may think that they have nothing to do with it.

But we all could have our accounts hacked... This is a problem that concerns every legit user.

Maybe this process of address signature verification could be made faster.

mocacinno
Legendary
*
Offline Offline

Activity: 1764
Merit: 1823


https://unblur.ninja =>lightning network testsite


View Profile WWW
June 22, 2018, 12:01:41 PM
 #4

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

We are not talking obvious spammers, but legit posters getting their account hacked, signing various BTC addresses and never getting a reply back. I think this is unfair and a bigger problem than some 3rd worlders spamming on 100+ page threads. Some legit users just can't get their accounts back, they lose their PM history and other valuable stuff.

I wonder when will the account recovery methods be improved. Probably hiring new staff to do the task should do.

Yeah, this is very important as they are legit users. Most of them with quoted signed messages... I see some of them are having their account back, but it takes too long.

I think people look at those post where people ask for help and most users may think that they have nothing to do with it.

But we all could have our accounts hacked... This is a problem that concerns every legit user.

Maybe this process of address signature verification could be made faster.

I concur with the other opionions in this thread, altough i doubt it's merely a problem of the speed or effort of the signature verification process. Personally, i think the complete workflow might be long overdue for a complete overhaul.
I've got some experience writing scripts using the json-rpc interface of a bitcoin node, i think it should be fairly simple to automate the complete process up to the point where a human just needs to look at the end result of a request and click a button to either confirm or deny a password reset/account unlock.

Basically, if one would write a simple form where a random string is shown and where a user can enter the post where he/she staked his address, the address itself, the reset email address and the signature he made using the staked address signing the random string. The script could then just use the json-rpc query of a locked node to verify the message and save this data into a simple relational database.

An admin would have an admin interface with a view of this database showing the qouted post + post history (was this post edited or not) and the result of the signature, maybe combined with some account info fetched from the db (like logintimes, ip's, password changes,...). When this info is given in a simple way, the admin should be able to either confirm or deny the password request with the click of a button.
I haven't looked at smf's data model, but i can only imagine that resetting a password is just a matter of generating a random string, hashing it, updating the user's entry in the users info table and creating an email to send the unhashed password to the entered email (together with instructions for a password reset).

cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1211


View Profile
June 22, 2018, 12:09:36 PM
 #5

We are not talking obvious spammers, but legit posters getting their account hacked, signing various BTC addresses and never getting a reply back. I think this is unfair and a bigger problem than some 3rd worlders spamming on 100+ page threads. Some legit users just can't get their accounts back, they lose their PM history and other valuable stuff.

I wonder when will the account recovery methods be improved. Probably hiring new staff to do the task should do.
Does it scare you when you think if your account gets hacked or anything happen and then you wait weeks after weeks or months after months without any result to get your account back?

It does scare me a lot, because I am addicted to this forum.  Embarrassed

Yes, this is why I made the thread, it could happen to any of us, and it would leave us out of the forum for months, maybe years, making an huge gap of inactivity which you would need to explain every time you want to do business with someone, and there's a risk they will just not believe it.

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

We are not talking obvious spammers, but legit posters getting their account hacked, signing various BTC addresses and never getting a reply back. I think this is unfair and a bigger problem than some 3rd worlders spamming on 100+ page threads. Some legit users just can't get their accounts back, they lose their PM history and other valuable stuff.

I wonder when will the account recovery methods be improved. Probably hiring new staff to do the task should do.

Yeah, this is very important as they are legit users. Most of them with quoted signed messages... I see some of them are having their account back, but it takes too long.

I think people look at those post where people ask for help and most users may think that they have nothing to do with it.

But we all could have our accounts hacked... This is a problem that concerns every legit user.

Maybe this process of address signature verification could be made faster.

I concur with the other opionions in this thread, altough i doubt it's merely a problem of the speed or effort of the signature verification process. Personally, i think the complete workflow might be long overdue for a complete overhaul.
I've got some experience writing scripts using the json-rpc interface of a bitcoin node, i think it should be fairly simple to automate the complete process up to the point where a human just needs to look at the end result of a request and click a button to either confirm or deny a password reset/account unlock.

Basically, if one would write a simple form where a random string is shown and where a user can enter the post where he/she staked his address, the address itself, the reset email address and the signature he made using the staked address signing the random string. The script could then just use the json-rpc query of a locked node to verify the message and save this data into a simple relational database. An admin could have an admin interface with an outlook of this database showing the qouted post and the result of the signature, maybe combined with some account info fetched from the db (like logintimes, ip's, password changes,...). When this info is given in a simple way, the admin should be able to either confirm or deny the password request with the click of a button.
I haven't looked at smf's data model, but i can only imagine that resetting a password is just a matter of generating a random string, hashing it, updating the user's entry in the users info table and creating an email to send the unhashed password to the entered email.

Indeed, the verification process could be speed up with some automation, but still, it will need human review, this takes time and I doubt Cyrus and theymos will spend the required time to speed up the process, to benefit from said database we still need someone reviewing it, we would need more Staff looking at each individual cases anyway. Automating the verification of the message would help a lot tho.
mdayonliner
Sr. Member
****
Offline Offline

Activity: 490
Merit: 364


I always respected forum rules even private ones


View Profile WWW
June 22, 2018, 12:27:45 PM
 #6

Yes, this is why I made the thread, it could happen to any of us, and it would leave us out of the forum for months, maybe years, making an huge gap of inactivity which you would need to explain every time you want to do business with someone, and there's a risk they will just not believe it.

From this fear, I proposed some solutions long ago and I have seen a lot of others did have different ideas but seems like we need to wait more to see any changes. I assume theymos has other priorities than looking at this issue.

[Proposal: prevent account hack] A complete new login system for BitcoinTalk <== https://bitcointalk.org/index.php?topic=3371718.0


I just hope for the best.


update:
IMO hiring a staff won't solve the problem since i'm sure there are too many cases to be handled by 1 person.

There should be automatic account restore with bitcoin address which already mentioned on these threads System to prove account ownership and recovery automatically - Demo included & [Proposal: prevent account hack] A complete new login system for BitcoinTalk
One staff only need to prove recovery request or/and investigate whether the private key was stolen if needed when the account was hacked.
Oh thanks ETFbitcoin for bringing the topic before me.

I could not stand the lies against me anymore. I can not prove them wrong too. It's better I live in peace.
So, I am willingly locking mdayonliner. Thank you BitcoinTalk. Be addictive, be a Bitcoiner.
Vod
Legendary
*
Offline Offline

Activity: 2926
Merit: 2325


Licking my boob since 1970


View Profile WWW
June 22, 2018, 12:45:08 PM
 #7

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

Here is what I don't understand.... Theymos is intelligent when it comes to programming.  He could easily create a type of account that had limited moderator abilities - specifically  the security rights to unlock an account.  A trusted user (like me) could spend some time to review signed messages and restore accounts, reducing workload.

I guess he just does not prioritize account recovery.  I understand his reasoning, since losing your account is, in most cases, your fault. 

I'm into creating universes, smiting people, writing holy books and listening to Prayer Messages (PMs).
BitcoinTalk Public Information Project (BPIP)  - BPIP Reports
"Masturbation makes you feel good but doesn't do anything for the person you're thinking of.  Just like prayer."
bitcoin revo
Legendary
*
Offline Offline

Activity: 1175
Merit: 1049



View Profile
June 22, 2018, 12:53:42 PM
 #8

I guess he just does not prioritize account recovery.  I understand his reasoning, since losing your account is, in most cases, your fault.  

I still don't think that it justifies putting them on standby indefinitely. Everyone makes mistakes, and those people got hacked because of them. We're not a perfect society and forcing people out of their accounts on this forum because of their blunders in the past is way harsher than it needs to be.

IMO hiring a staff won't solve the problem since i'm sure there are too many cases to be handled by 1 person.

Surely once we get past the backlog of hacked accounts, the influx of them can't exceed, say, 20 or 30 a day (which is quite an overestimation just to emphasize my point). That number would comfortably be checked and restored within an hour. An hour of work per day can, again, comfortably be put onto one semi-dedicated person. All we need is some extra work in the beginning and this issue wouldn't even be an issue.
cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1211


View Profile
June 22, 2018, 02:52:01 PM
 #9

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

Here is what I don't understand.... Theymos is intelligent when it comes to programming.  He could easily create a type of account that had limited moderator abilities - specifically  the security rights to unlock an account.  A trusted user (like me) could spend some time to review signed messages and restore accounts, reducing workload.

I guess he just does not prioritize account recovery.  I understand his reasoning, since losing your account is, in most cases, your fault.  

Unfortunate events can happen to everyone. Even satoshi lost his gmx account and said account got eventually hacked and exploited. It can happen to anyone. Keeping email accounts and forum passes online it's not the same as keeping your private keys offline (which never touch the internet). As soon as something touches the internet there is a % of disaster out of your reach, like a security breach on the email provider's side and so on.

I guess theymos is paranoid to allow other people to do this job, otherwise I don't understand why he doesn't hire more people. Until then we will have ridiculous amounts of threads with an endless queue of people wanting to get their account back.

I could do it too, it would take me literally 1 minute to verify signatures and a quick look at posting history.
bitmover
Hero Member
*****
Offline Offline

Activity: 658
Merit: 1110



View Profile
June 22, 2018, 04:46:17 PM
 #10

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

Here is what I don't understand.... Theymos is intelligent when it comes to programming.  He could easily create a type of account that had limited moderator abilities - specifically  the security rights to unlock an account.  A trusted user (like me) could spend some time to review signed messages and restore accounts, reducing workload.

I guess he just does not prioritize account recovery.  I understand his reasoning, since losing your account is, in most cases, your fault.  

Unfortunate events can happen to everyone. Even satoshi lost his gmx account and said account got eventually hacked and exploited. It can happen to anyone. Keeping email accounts and forum passes online it's not the same as keeping your private keys offline (which never touch the internet). As soon as something touches the internet there is a % of disaster out of your reach, like a security breach on the email provider's side and so on.


I agree. Everyone can be hacked. Maybe not everyone ,but most of people.  not everyone here is a cyber security expert, there is a lot of diversification here in this forum.

 people have different life styles. Some people use multiple devices (if someone travels a lot), or they can trust some third party password manager that got hacked... There are many things out of our control, and one security solution that works for one person may not work for another as they have different habits

cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1211


View Profile
June 23, 2018, 05:01:54 PM
Merited by DdmrDdmr (2)
 #11

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

Here is what I don't understand.... Theymos is intelligent when it comes to programming.  He could easily create a type of account that had limited moderator abilities - specifically  the security rights to unlock an account.  A trusted user (like me) could spend some time to review signed messages and restore accounts, reducing workload.

I guess he just does not prioritize account recovery.  I understand his reasoning, since losing your account is, in most cases, your fault.  

Unfortunate events can happen to everyone. Even satoshi lost his gmx account and said account got eventually hacked and exploited. It can happen to anyone. Keeping email accounts and forum passes online it's not the same as keeping your private keys offline (which never touch the internet). As soon as something touches the internet there is a % of disaster out of your reach, like a security breach on the email provider's side and so on.


I agree. Everyone can be hacked. Maybe not everyone ,but most of people.  not everyone here is a cyber security expert, there is a lot of diversification here in this forum.

 people have different life styles. Some people use multiple devices (if someone travels a lot), or they can trust some third party password manager that got hacked... There are many things out of our control, and one security solution that works for one person may not work for another as they have different habits

It's not even a matter of being a cyber security expert. It's only a matter of time and everyone will get their password stolen or somehow compromised, it's going to happen to everyone because of reasons out of your control.

Again, one just can't "cold storage passwords". Passwords are exposed online daily, by necessity, this is an huge attack vector, that can come from the forum, from the email provider, and so on. This is why Bitcoin is genius, the cold storaged private keys don't suffer from that. Which is why also account recovery, when presented with signed private addresses, should have high priority and the recovery should be fast, not take months, sometimes not even happening.
OgNasty
Donator
Legendary
*
Offline Offline

Activity: 3094
Merit: 1735


I 💚 Bitcoin


View Profile
June 23, 2018, 05:46:32 PM
 #12

While you see an account recovery problem, I’m sure the forum’s administration sees it as a user securing their login problem.

LoyceV
Legendary
*
Online Online

Activity: 1666
Merit: 5060


Largest Merit Circle on BPIP!


View Profile WWW
June 23, 2018, 06:42:42 PM
 #13

Does it scare you when you think if your account gets hacked or anything happen and then you wait weeks after weeks or months after months without any result to get your account back?
Yes, it does Sad

I wonder when will the account recovery methods be improved. Probably hiring new staff to do the task should do.
Hilariousandco often responds in those threads already, it seems to me he's capable and has the time to do it, but has no access to restore accounts.

A trusted user (like me) could spend some time to review signed messages and restore accounts, reducing workload.
I tried that that 2 months ago, but locked the thread after reading this:
You'll be wasting your time and theirs. I was doing this when people have fully verified their accounts sufficiently and the number of responses I've had from them both is zero and as far as I'm aware they're all still awaiting their accounts to be restored.

I guess he just does not prioritize account recovery.  I understand his reasoning, since losing your account is, in most cases, your fault.
Now both theymos and cyrus just keep getting the same PMs over and over again. That's a waste of their time too.

KWH
Legendary
*
Offline Offline

Activity: 1904
Merit: 1045

In Collateral I Trust.


View Profile
June 23, 2018, 07:58:00 PM
 #14

I've volunteered in the past to help with this issue but didn't get a reply. Nothing else I can do on my end.

When the subject of buying BTC with Paypal comes up, I often remember this: 

Insanity: doing the same thing over and over again and expecting different results.

Albert Einstein
cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1211


View Profile
June 24, 2018, 12:23:32 AM
 #15

Now both theymos and cyrus just keep getting the same PMs over and over again. That's a waste of their time too.

I've volunteered in the past to help with this issue but didn't get a reply. Nothing else I can do on my end.

I guess this is where the conspiracy theories come from, said conspiracies being that theymos and cyrus take control of some accounts in order to sell them or something along the lines. I think that is nonsense considering theymos is loaded with bitcoins from being an early miner so he is set for life, cyrus is probably in good standing too.

At the same time, the fact that they are bitcoin whales also make it understandable that they wouldn't spend too much time managing the forum, but this isn't a justification to leave people in a desperate endless wait, ignoring signed bitcoin addresses as definitive proof (if that proof is going to be ignored, then what's the point? that is what bitcoin is about, verifying, and verifying takes just a minute, something that Staff could be doing speeding up the process and cleaning up the meta section as all the lost password threads get solved. As people get desperate they bump their own threads, so the queue keeps growing and everyone is self bumping these growing threads, eventually the entire meta section will be people wanting to get their passes recovered.
KWH
Legendary
*
Offline Offline

Activity: 1904
Merit: 1045

In Collateral I Trust.


View Profile
June 24, 2018, 12:26:59 AM
 #16

I don't think it's a conspiracy, more like little time for something that takes a lot of time to verify.

When the subject of buying BTC with Paypal comes up, I often remember this: 

Insanity: doing the same thing over and over again and expecting different results.

Albert Einstein
Vod
Legendary
*
Offline Offline

Activity: 2926
Merit: 2325


Licking my boob since 1970


View Profile WWW
June 24, 2018, 01:22:14 AM
 #17

At the same time, the fact that they are bitcoin whales also make it understandable that they wouldn't spend too much time managing the forum

I've spent almost 300 days online in this forum.  I don't make any money...  Some people do things because they like to do them.

I'm into creating universes, smiting people, writing holy books and listening to Prayer Messages (PMs).
BitcoinTalk Public Information Project (BPIP)  - BPIP Reports
"Masturbation makes you feel good but doesn't do anything for the person you're thinking of.  Just like prayer."
aronalek
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
June 24, 2018, 05:44:49 AM
 #18

This is a serious problem and it should be solved in hours instead of months. It can be frustrating for a member to wait for so long.
LoyceV
Legendary
*
Online Online

Activity: 1666
Merit: 5060


Largest Merit Circle on BPIP!


View Profile WWW
June 24, 2018, 07:44:03 AM
 #19

I guess this is where the conspiracy theories come from, said conspiracies being that theymos and cyrus take control of some accounts in order to sell them or something along the lines.
Theymos answered this:
Quote
No, we never sell accounts.
~
if I wanted to sell highly-ranked accounts, I would just create accounts with Ultra-Legendary status, 1 million merit, +9999 trust, etc. and sell those.

hilariousetc
Legendary
*
Offline Offline

Activity: 1400
Merit: 2249


https://bitcoin.watfordfc.com


View Profile
June 24, 2018, 08:20:10 AM
Merited by Welsh (2), mdayonliner (1)
 #20

The only way it is going to be solved is if theymos or cyrus start actively restoring them, or somebody else is promoted to Admin or given access to restore accounts. The issue is purely manpower based. Theymos and Cyrus probably don't have time so they're just not getting looked into. Even cases that almost certainty cut and dry are just getting added to the pile which grows bigger every day.
 
Now both theymos and cyrus just keep getting the same PMs over and over again. That's a waste of their time too.

I've volunteered in the past to help with this issue but didn't get a reply. Nothing else I can do on my end.

I guess this is where the conspiracy theories come from, said conspiracies being that theymos and cyrus take control of some accounts in order to sell them or something along the lines.

If theymos wanted to make more money there are numerous legitimate ways that he could monetise this forum better, but as usual people like to invent conspiracies up because they're always more sexy and exciting. I've personally suggested a few ways to theymos like adding more donator ranks and more advertising slots like at the top of certain sub boards (I think people would pay premium for ones above Bitcoin Discussion and Gambling etc). The current advertising slots are barely noticeable especially when they're drowned out with signatures (and some people have even mistaken them for a signature advertisement before). If theymos wanted more money for himself he could also just pay himself a huge wage but as far as mod payments go even a very active patroller gets more than him currently so it's probably not about money. A while back I did even suggest he pay himself an appropriate wage and do admin duties here full time because one is still badly needed and if there's nobody else he trusts fully then that's probably the only way.

It's been years since we've had people in endless queues waiting to get a message back from either Cyrus or theymos, and none of them answering for some reason, even after sufficient cryptographic proof was presented (typically, a signed bitcoin address).

Here is what I don't understand.... Theymos is intelligent when it comes to programming.  He could easily create a type of account that had limited moderator abilities - specifically  the security rights to unlock an account.  A trusted user (like me) could spend some time to review signed messages and restore accounts, reducing workload.


Any other active staff member could do this as well. I don't think Cyrus' account has full admin-access like theymos' (or root access or whatever).

At the same time, the fact that they are bitcoin whales also make it understandable that they wouldn't spend too much time managing the forum

I've spent almost 300 days online in this forum.  I don't make any money...  Some people do things because they like to do them.

I wouldn't be against a user like you doing it but there are also numerous staff members who could as well. I think you'd get pretty burned out by it quite quickly though if you were doing it purely voluntarily. You would get spammed to death by people and the amounts of accounts that need restoring is probably at least a part-time job right now (and we probably need at least one full time admin anyway to handle all the other issues). If you're happy to spend half of your time on here restoring accounts for fun though, then go for it  Grin.

Unfortunate events can happen to everyone. Even satoshi lost his gmx account and said account got eventually hacked and exploited. It can happen to anyone. Keeping email accounts and forum passes online it's not the same as keeping your private keys offline (which never touch the internet). As soon as something touches the internet there is a % of disaster out of your reach, like a security breach on the email provider's side and so on.

Exactly, there's always a weak point and anyone could be targetted or slip up at some point. Let's not forget that one of the main reasons why people are losing their accounts in the first place is that the forum was hacked and password hashes were leaked. Is this theymos' fault? No, it was the hosting's as they were cleverly exploited, but it shows you that there's always some way that you can get hacked.

Personally, I don't really care who does it as long as they're trusted, but if theymos and cyrus aren't actively going to be doing account restorations then someone else really needs to.

bitmover
Hero Member
*****
Offline Offline

Activity: 658
Merit: 1110



View Profile
June 24, 2018, 11:17:22 AM
Merited by mdayonliner (1)
 #21

i think this could be easily solved using a form on a login page.
You just click on "my account was hacked"

Then you enter your username, your registered address  and the page tells you to write today's date and sign the message.

This could be easily checked, maybe even automatically if someone uses a script like brainwallet's website.

If the message verifies successfully, you are redirect to a set a new password page

mdayonliner
Sr. Member
****
Offline Offline

Activity: 490
Merit: 364


I always respected forum rules even private ones


View Profile WWW
June 24, 2018, 11:52:13 AM
 #22

i think this could be easily solved using a form on a login page.
You just click on "my account was hacked"

Then you enter your username, your registered address  and the page tells you to write today's date and sign the message.

This could be easily checked, maybe even automatically if someone uses a script like brainwallet's website.

If the message verifies successfully, you are redirect to a set a new password page
Bottom line is: Automation.

I could not stand the lies against me anymore. I can not prove them wrong too. It's better I live in peace.
So, I am willingly locking mdayonliner. Thank you BitcoinTalk. Be addictive, be a Bitcoiner.
LoyceV
Legendary
*
Online Online

Activity: 1666
Merit: 5060


Largest Merit Circle on BPIP!


View Profile WWW
June 24, 2018, 01:32:05 PM
 #23

If the message verifies successfully, you are redirect to a set a new password page
That creates another angle of attack: people lose (or even sell) private keys, which would give someone access to their account.

bitmover
Hero Member
*****
Offline Offline

Activity: 658
Merit: 1110



View Profile
June 24, 2018, 05:08:29 PM
 #24

If the message verifies successfully, you are redirect to a set a new password page
That creates another angle of attack: people lose (or even sell) private keys, which would give someone access to their account.

But if someone sells his own private key, or loses it, this is entirely his fault.

This is different from a hacked account, which is a lot more unsafe.
As a private key can be stored 100% offline.

cellard
Legendary
*
Offline Offline

Activity: 1372
Merit: 1211


View Profile
July 04, 2018, 03:32:43 PM
Last edit: July 04, 2018, 03:43:57 PM by cellard
 #25

Another case of insanity: 9 months of wait for an hero account and counting:

https://bitcointalk.org/index.php?topic=2851296.0

I would like to see if someone can make a list of all the most blatant cases of a person whose account obviously belongs to the user demanding it to be recovered but they have been waiting for a long time to no end. I wonder who currently holds the forum record of waiting. Looks like some people is definitely about to cross the 1 year mark... c'mon guys.

edit: actually that guy says he cannot sign a message, but anyway, there are many other cases, for instance:

https://bitcointalk.org/index.php?topic=2251399.40

That's x4 signature proof. Yet it's been a wait since November 2017. We a have big queue of cases like that, which would take 2 seconds to fix. The longer a solution is delayed the bigger the queue is becoming. At some point it will be nonviable even after hiring more staff for the task. We need to empty the queue soon.
hilariousandco
Chopper Member
Global Moderator
Legendary
*
Offline Offline

Activity: 2184
Merit: 1687


https://bitcoin.watfordfc.com


View Profile WWW
July 04, 2018, 03:46:42 PM
 #26

ld like to see if someone can make a list of all the most blatant cases of a person whose account obviously belongs to the user demanding it to be recovered but they have been waiting for a long time to no end. I

Someone already compiled a list of accounts, though I don't think it's even half complete: https://bitcointalk.org/index.php?topic=4190622.0

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
Pages: 1 2 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!