After reading all above posts, i think there is a missed information:
When an account is proceeded for ownership change (email change), the following process occurs:
- The change is queued.
- It is listed in
seclog.php.
- The old email receives a warning.
-
After 7 days, the change goes through and another seclog.php entry is added.
The account stays locked throughout all of this.It means that when you receive an email informing you that the email address has been changed to a new one, you have some few options which i find sufficent enough:
- Lock the account with the link received in the email during the next 14 days as mentioned here:
Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.
- During the one week period of ownership change, you can post all the evidence you have about the ownership of your account (staked btc address or PGP key / full control over the original email which you used to create the account...) so the administration can take hand of the situation and correct it:
Hopefully it will be essentially unheard of, but if an account is going to be incorrectly transferred, everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.
* Admins can act outside of procedure and bypass the queue if necessary, but hardly ever will.
Up to this point, all what you have to do is to secure your account following those advices, which i find essential and enough, based only on my opinion:
- Strong password: should be as strong as possible, lower & upper case, letter, etc. And, the account's password should be totally different than any other accounts on other platforms (in the case using the same email for different platform).
- 2FA for email that used to register forum account;
- Strong antivirus software, and keep it always updated.
- Staking bitcoin signed address in the forum;
- Keeping the wallet (on computers) as safely as possible.
So no need to ask/suggest adding more features to the forum or more restrictions. Active 2FA for the email is
fundamental.
Related threads to this, started by admin:
FYI: "ownership change queued"Recovering hacked/lost accountsAccount recoveries are moving againI have created this topic to record entries in
SecLog :
All the Ownership-Changed and Restored accounts
*Don't hesitate to correct me if you find anything wrong in this post.