Bitcoin Forum
September 15, 2019, 05:01:56 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: for gods sake, we need more security  (Read 800 times)
Xer0
Hero Member
*****
Offline Offline

Activity: 840
Merit: 1000


°^°


View Profile
March 05, 2014, 08:22:28 PM
 #1

why the hell can i just login into my account,
and change my email and security question right away?

it should at least ask for old question before changing to new,
and sending an email to the old email before you can set a new

gosh there were at least 3 accounts hacked in german sub today!
1568566916
Hero Member
*
Offline Offline

Posts: 1568566916

View Profile Personal Message (Offline)

Ignore
1568566916
Reply with quote  #2

1568566916
Report to moderator
1568566916
Hero Member
*
Offline Offline

Posts: 1568566916

View Profile Personal Message (Offline)

Ignore
1568566916
Reply with quote  #2

1568566916
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1568566916
Hero Member
*
Offline Offline

Posts: 1568566916

View Profile Personal Message (Offline)

Ignore
1568566916
Reply with quote  #2

1568566916
Report to moderator
Parliament
Newbie
*
Offline Offline

Activity: 52
Merit: 0



View Profile
March 11, 2014, 10:32:26 AM
 #2

2FA would be great. GAuth is stupid easy to implement, or you could go the hosted route if you like having someone to blame.

Then again, avatars have been broken forever, so I don't think implementing new features is too high on the priority list right now.
medicine
Hero Member
*****
Offline Offline

Activity: 696
Merit: 500



View Profile WWW
March 11, 2014, 12:26:40 PM
 #3

This topic seems quite important and we should try to keep it on the first page here to get more attention.  I didn't know this about the security questions and the longer accounts are used the more valuable they are.  I don't want to lose my account.

Is the issue money or developers time??
Parliament
Newbie
*
Offline Offline

Activity: 52
Merit: 0



View Profile
March 12, 2014, 07:07:01 AM
 #4

Is the issue money or developers time??

It's a whole Big ThingTM.
medicine
Hero Member
*****
Offline Offline

Activity: 696
Merit: 500



View Profile WWW
March 12, 2014, 12:10:47 PM
 #5

Ok that was a long read, but exactly the discussion that we need to be having.  I will be following the development closely.  Thanks for the link.
koshgel
Legendary
*
Offline Offline

Activity: 1120
Merit: 1001


View Profile
March 12, 2014, 09:48:39 PM
 #6

The last thing on the mind of the forum operator is security for its users. The end message by the staff here is WE DON'T CARE. If you lose your account or bitcoin, it's your own stupid fault.
alani123
Legendary
*
Offline Offline

Activity: 1876
Merit: 1039



View Profile
March 12, 2014, 09:53:24 PM
Last edit: March 12, 2014, 11:04:54 PM by alani123
 #7

Also emails are accessible from the "MEMBERS" page.

https://bitcointalk.org/index.php?action=mlist

It's too damn easy for someone to create a bot and colect them all. No wonder where they got the emails for the phising.


Ignore this. Seems like Hide email address from public? is selected by default in your profile. I had forgot that.



███             ▄▄▄███████▄▄▄          ████                   ████          ▄▄▄███████▄▄▄         
███         ▄███████████████████▄       ████                 ████       ▄███████████████████▄     
███       ▄██████▀▀       ▀▀██████▄      ████               ████      ▄██████▀▀       ▀▀██████▄   
███      █████▀               ▀█████      ████             ████      █████▀               ▀█████ 
███    ▐████▀                   ▀████▌     ████           ████     ▐████▀                   ▀████▌
███    ████▌                     ▐████      ████         ████      ████▌                     ▐████
███    ████                       ████       ████       ████       ████                       ████
███    ████                       ████        ████     ████        ████                       ████
███    ████▌                     ▐████         ████   ████         ████▌                     ▐████
███    ▐████▄                   ▄████▌          ████ ████          ▐████▄                   ▄████▌
███      █████▄               ▄█████             ███████             █████▄               ▄█████ 
███       ▀██████▄▄       ▄▄██████▀               █████               ▀██████▄▄       ▄▄██████▀   
███         ▀███████████████████▀                  ███                  ▀███████████████████▀     
███             ▀▀▀███████▀▀▀                       █                       ▀▀▀███████▀▀▀         
INTERNET OF VALUE OMNILEDGER
|
   
   
 
 
|


             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
M
 

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀
 

    ▄█████
   ████▀▀▀
   ████
   ████
██████████
▀▀▀████▀▀
   ████
   ████
   ████
   ████
   ████
   ▀▀▀▀
|
TheButterZone
Legendary
*
Offline Offline

Activity: 2548
Merit: 1011


Pay with SegWit!


View Profile WWW
March 12, 2014, 10:30:10 PM
 #8

"Hide email address from public?" should be selected by default on https://bitcointalk.org/index.php?action=profile;sa=account

Saying that you don't trust someone because of their behavior is completely valid.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3514
Merit: 6218


View Profile
March 12, 2014, 10:41:28 PM
 #9

"Hide email address from public?" should be selected by default on https://bitcointalk.org/index.php?action=profile;sa=account


This has been the case since 2009...

I left the admin account set to the original SMF theme so if I somehow completely wedge the custom theme I can still get in to fix it.

I've got a neat little 12x12 coin image to replace those pip stars with.  Should look nice.  Also some nice button images to try.

The registration page has "hide your e-mail address" unchecked by default.  I must fix that in php before we can open up.

The Announcements forum is currently moderator access only.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
TheButterZone
Legendary
*
Offline Offline

Activity: 2548
Merit: 1011


Pay with SegWit!


View Profile WWW
March 12, 2014, 10:43:48 PM
 #10

Indeed, so if you want to be spammed, you've unchecked the default setting.

Saying that you don't trust someone because of their behavior is completely valid.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!