Bitcoin Forum
Author Topic: Force to Reset Password  (Read 471 times)
TalkStar (OP)
February 24, 2019, 07:31:09 PM
Merited by LoyceV (1)
 #1

Hello Everyone,

In recent times bitcointalk account hacking has been a big concern for us. We are getting threads where members are claiming for their hacked account and facing a hard situation to recover it. In the current system there is an option "Always stay logged in". If you click on that then you don't need to put login details until you use the log out option. Many of us use google "save password" option for log in.

As a result we may forget our password because of not using it for a long time. On the other hand many users use same password for all online accounts and it's an opportunity for hackers to hack their account easily.

How it will be if forum force to reset password in every 2 month? For example if someone didn't change his/her password during this time frame then he/she will redirect to password reset page after log in. After reset a new password he/she will be able to log in again.

In my opinion if this force password system implement by our forum then it will not be easier for hackers to hack users account. From my experience I have seen this force password system on some banking website where they force to reset their users account password in every 2 or 3 months. If hackers be able to steal users account info somehow still then they will not be able to use it for a long time due to force password system.


LoyceV
February 24, 2019, 07:47:10 PM
Merited by Foxpup (3)
 #2

I couldn't disagree more!

I very much dislike online services that require a password change. If it can be compromised in 10 years, it can be compromised in 2 months too. Even worse: regular password changes are terrible: it's extra work, it requires me to make a new backup of my password manager, and for the users who don't use a password manager, it makes it impossible to remember a new difficult password all the time.

Pmalek
February 24, 2019, 07:50:50 PM
 #3

The company I work for forces me to change my password every 60 days and that is actually a good idea you suggested.
Many of us use google "save password" option for log in.
You really should not do that! Password stealers are configured in such a way to find and steal the data that Chrome/Firefox and other browsers store when using the 'save password' option. At least get a password manager if you prefer saving your passwords.

shield132
February 24, 2019, 08:36:12 PM
 #4

Not in recent times but hacked accounts were always a problem here, for example once famous member posted in Condoras's thread and he filled 0.5btc loan, in reality account was hacked, this man just didn't check it and lost his bitcoins. Usually such things were happening because of hacked accounts, that's a real problem.
On the other hand I don't like your idea of requesting password change every two months. I know my password well and I take care of my account, so why to change it that often for you? Do the same, set hard/different password and remember it, that's not hard lol.

Monix Cahyono
February 24, 2019, 08:55:57 PM
 #5

I agree with this
I very much dislike online services that require a password change.
for security, in my opinion, this forum is enough to only use the google 2FA application without having to change the password regularly which makes the user have to memorize it again.
logfiles
February 24, 2019, 08:59:41 PM
Last edit: February 24, 2019, 10:27:14 PM by logfiles
 #6

Do the same, set hard/different password and remember it, that's not hard lol.
Setting a hard/different password does not necessarily mean your account cannot be compromised. Malware in the form of keyloggers and web extensions will do the damage.

I even saw some thread (though I can't trace it right now) where someone said that he even used a very long hard password but his account was still compromised.

That said, what I think should be done to avoid inconveniencing most users with timely password resets, they should only be applied by default if:
- An account's IP address abruptly changes from what was previously recorded (probably from signing up or from a certain earlier period of the account's usage)
- An account has woken up from some long period of inactivity.
- Posting style has abruptly changed (from Spanish Local board then to suddenly Russian local board)
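
The three triggers listed in post #6, as an added sketch that is not part of the original thread or of the forum's software. The 180-day dormancy threshold, the /24 and /48 network grouping, the `local/` board naming and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

DORMANCY = timedelta(days=180)   # assumed threshold for "long inactivity"
PREFIX = {4: 24, 6: 48}          # assumed: compare networks, not single IPs
LOCAL = "local/"                 # constructed naming for language boards


@dataclass
class Event:
    user: str
    when: datetime
    ip: str
    board: Optional[str] = None  # set for posts, None for plain logins


def network_of(ip: str):
    addr = ip_address(ip)
    return ip_network(f"{addr}/{PREFIX[addr.version]}", strict=False)


def reset_reasons(events):
    """Return [(event, [reasons])] for events that should force a reset."""
    nets, last_seen, boards = defaultdict(set), {}, defaultdict(set)
    flagged = []
    for ev in sorted(events, key=lambda e: e.when):
        reasons = []
        net = network_of(ev.ip)
        # 1. Address moved outside every network seen for this account.
        if nets[ev.user] and net not in nets[ev.user]:
            reasons.append("new_network")
        # 2. Account woke up after a long silence.
        if ev.user in last_seen and ev.when - last_seen[ev.user] > DORMANCY:
            reasons.append("dormant")
        # 3. First post in a local board other than the usual one(s).
        is_local = bool(ev.board) and ev.board.startswith(LOCAL)
        if is_local and boards[ev.user] and ev.board not in boards[ev.user]:
            reasons.append("new_local_board")
        if reasons:
            flagged.append((ev, reasons))
        # Baseline update assumes the owner completed the reset.
        nets[ev.user].add(net)
        last_seen[ev.user] = ev.when
        if is_local:
            boards[ev.user].add(ev.board)
    return flagged


# Constructed sample events (documentation IP ranges, made-up users).
SAMPLE = [
    Event("alice", datetime(2019, 1, 1), "192.0.2.10"),
    Event("alice", datetime(2019, 1, 2), "192.0.2.77", "local/es"),
    Event("alice", datetime(2019, 1, 5), "198.51.100.5", "local/ru"),
    Event("bob", datetime(2018, 1, 1), "203.0.113.9"),
    Event("bob", datetime(2019, 2, 1), "203.0.113.20"),
    Event("carol", datetime(2019, 1, 1), "192.0.2.1"),
    Event("carol", datetime(2019, 1, 3), "192.0.2.2", "meta"),
]

if __name__ == "__main__":
    for ev, reasons in reset_reasons(SAMPLE):
        print(ev.user, ev.when.date(), ", ".join(reasons))
```

Grouping addresses by network keeps ordinary DHCP churn inside one ISP range from triggering a reset, which is the inconvenience the post is trying to avoid.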

HODL2090
February 24, 2019, 09:09:14 PM
 #7

The forum is not responsible for the personal security of the accounts of members. A forced password reset may not sit well with everyone, as can already be seen on this thread.
Suggesting it to the forum users as a step to further secure their accounts would be best. And anyone interested can heed the advice.
Quickseller
February 24, 2019, 09:12:10 PM
 #8

There are pros and cons to doing this.

If your password is compromised, someone may be able to access, and continue to access your account indefinitely if you do not change your password. If you recycle passwords (as many people do unfortunately), the chances of this happening to the password you are using go up over time.

OTOH, changing your password frequently will require either backups of a password manager frequently, or people will use less secure passwords. It will also lead to more frequent password resets, which is another security concern.

On balance, this is probably not a good idea because it would be unusual for someone to hack an account around here and not attempt to do something (such as post or send a PM that will elicit a response) that would attract the attention of the owner. A hacker might be able to read the personal messages of a hacked account on an ongoing basis, however there are warnings against sending sensitive information unencrypted.   
DooMAD
February 24, 2019, 09:46:33 PM
 #9

Not a fan of this at all.  It's bad enough I have to do it at work, I don't want to do it here as well.  Passwords are enough of a ballache as it is.

Bitcoin is about personal responsibility and I would hope this forum wouldn't take the "Nanny State" approach and interfere with users' wishes regarding security.  Just like how 2FA isn't compulsory here as it is on some sites.

lobcmt2
February 25, 2019, 02:28:18 AM
Last edit: February 25, 2019, 02:38:53 AM by lobcmt2
 #10

Users should prepare enough both knowledge, skills, and carefulness to protect themselves from hackers.
- Never use always stay log in option.
- Never use the "Save/ Remember password" option.
- Never use same passwords for your different types of accounts, especially if you use same email to register.
- Never use add-ons from unknown third parties
In addition, antivirus and internet security software should be used for all your devices that connect to Internet.

Use strong passwords, secure devices, be careful and should stay away from third-party add-ons.
And, stake bitcoin address with signed message to prove ownership.
All of those steps are enough to protect accounts.

Moreover, I totally agreed with what LoyceV said. It turns into very complicated for users to regularly forced password-changing. We all are human, and it is hard to remember all passwords on all platforms. Even composing and saving backups of accounts, and account's passwords take a lot of time.
It is so wasteful!

There are topics that guide on how to secure IDs from threats over Internet space.
[Guide] Bitcointalk account security (sncc)
Recovering hacked/lost accounts (theymos)
Stake your bitcoin address here (Tomatocage)
Do you know how hackers are collecting our data by smartphone & real life? (Coolcryptovator)
Must have web browser addons to keep you a step safer from phishing (logfiles)


For password manager, can you help me links to services.
I have never used password manager for my accounts.
Thank you.
password manager
malikusama
February 25, 2019, 05:03:57 AM
 #11

How it will be if forum force to reset password in every 2 month? For example if someone didn't change his/her password during this time frame then he/she will redirect to password reset page after log in. After reset a new password he/she will be able to log in again.


This practice needs extra effort because every time you will have to create a backup when you change password which is definitely a headache. 2-3 months duration is too short for a password change, I never suggest that.
Anyhow 4,5 months for a password change is acceptable if we really need it in future.

Bitcoin is about personal responsibility and I would hope this forum wouldn't take the "Nanny State" approach and interfere with users' wishes regarding security.  Just like how 2FA isn't compulsory here as it is on some sites.

I strongly agree with DooMAD, our online security is our own personal responsibility.
DdmrDdmr
February 25, 2019, 07:14:14 AM
 #12

<…>
I’ve got way too many site (all sorts) passwords to keep track of, and forcibly having to reset them to new values would be a real hazard. Despite what security best practice suggests, constant reset of passwords becomes a stretch for those that commit them to memory, and likely one will start spinning a given set, adding number sequences to them, and incrementing them on a plus one basis upon each password reset.

I’d rather 2FA or alike to double secure the credential login process than having to test my memory even further.
TheBeardedBaby
February 25, 2019, 07:37:24 AM
 #13

No matter what level security you have, if you don't know how to protect your data, changing the data every x days won't do the job.

Those who know what to do are already protected enough, those who have no idea, have to be educated.
Instead of forcing different procedures, better to add a link in the welcome message how to protect yourself from eventual intruders. It's not the forum's responsibility to teach the newbies, but still we can add some helpful info.

In this digital world, how to protect yourself should be a common knowledge.

Jet Cash
February 25, 2019, 07:40:53 AM
Merited by TryNinja (1), o_e_l_e_o (1)
 #14

Why should we be inconvenienced because people are too lazy or stupid to keep their computers and assets safe.

There is an old saying - " A fool and his Bitcoin Talk account are soon parted" - maybe we should have some guidance threads. Oh wait, we already have those, but people don't read them, unless they want to post "good project" of course. If people are addicted to unprotected sex with unknown porn sites, or they believe that an "investment" plan will be able to reward them with 50% interest every week, then they need to change more than their password.

r1s2g3
February 25, 2019, 10:50:21 AM
 #15

Actually I have the same policy in my work environment that you need to change password after every 30 days and you cannot keep previous 5 passwords. Guess what happens with me?

After every 4-5 months when I change the password, if I do not note down my password (against the password policy of the company), I end up raising the ticket to reset my password.
If you want to take all this pain and give all this pain to theymos then you are welcome.
A good password is always good until you did not tell anybody else or get phished.

A safe browsing habit is a must, though changing password occasionally will do no harm.

Lucius
February 25, 2019, 11:03:19 AM
 #16

Not a fan of this at all.  It's bad enough I have to do it at work, I don't want to do it here as well.  Passwords are enough of a ballache as it is.

I have the same opinion, forcing someone to change their password every 2-3 months will not contribute to the security of their accounts, moreover may cause even greater problems. What we need at this forum is 2FA, after every login code is sent to user e-mail and there is no way to hack user account except in case e-mail is compromised+password for forum also.

I'm not sure how much this option is technically demanding to be implemented in this forum, but many other sites provide such additional protection.

lobcmt2
February 26, 2019, 01:15:58 AM
 #17

Lazy and careless guys will lose their passwords no matter what kind of security solutions implemented by the forum, such as regularly forced reset password.
Why should we be inconvenienced because people are too lazy or stupid to keep their computers and assets safe.
Smartly choosing strong password, and securing computers as safe and secured as possible.
That's all.
franky1
February 26, 2019, 09:47:57 AM
 #18

Not a fan of this at all.  It's bad enough I have to do it at work, I don't want to do it here as well.  Passwords are enough of a ballache as it is.

Bitcoin is about personal responsibility and I would hope this forum wouldn't take the "Nanny State" approach and interfere with users' wishes regarding security.  Just like how 2FA isn't compulsory here as it is on some sites.

1. this forum is not bitcoin. it is not the bitcoin network
2. it is a site owned by someone and not a public community property but a private property
3. how dare doomad demand that a site owner cant/shouldnt add security/suggest precautions to his own property
4. how dare doomad then be hypocritical to say that bitcoins network should not do what the community desire
5. how dare doomad desire a corporate group should decide what to do with the network instead
6. doomad follow your own advice. if you dont like something someone is doing to his property, then you can "f**k off"

i say this as reverse psychology (using his tone and mindset) for 3,4,5,6 as its apparent that DOOMAD enjoys wanting a core group to ignore community wishes in respect of a community project. but then wants someones private property to follow community desires.

doomad you love bitcoin having core as a nanny state. when bitcoin should not have a 'tory nanny controlling the family
doomad hates bitcoin having open community of diverse family, when bitcoin should have diversity and everyone being members of a family

doomad wake up. core is bitcoins nanny state.
doomad if you dont want someone babysitting their own property. then why love someone babysitting other peoples property

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
franky1
February 26, 2019, 09:58:27 AM
 #19

with that said.
why even have passwords

why not have people register a public address. and then users login by signing a message using the keys of that address.
each log-in will be unique and a hacker cant just use a public key to log-in
whereby log-in is only successful if the unique signature matches. whereby the private key is never given to the forum,ever

it is a few steps better than just having a password on a server and uses a bitcoin feature that is under utilised outside the bitcoin network


I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
o_e_l_e_o
February 26, 2019, 10:22:00 AM
 #20

Bitcoin is about personal responsibility and I would hope this forum wouldn't take the "Nanny State" approach and interfere with users' wishes regarding security.  Just like how 2FA isn't compulsory here as it is on some sites.
Completely agree with your first sentence, but I would love to see (optional) 2FA here.

Forcing users to change passwords does not improve security. If your password is complex enough to be secure, and you haven't been hacked, then changing it achieves nothing. Forcing changes makes no odds for the people who use password managers, but the majority of users don't. For this majority of users, they do 1 of the following things:
1) Set a new password which is almost identical to their old password - changing letmein01 to letmein02, for example
2) Endlessly cycle between a handful of passwords - to prevent this the forum needs to store all their old passwords, a security risk in and of itself
3) Write their passwords down to help them remember

None of these are good security practices. With bitcoin, you are wholly responsible for your own security. I don't see why the forum should be any different.