Bitcoin Forum
September 15, 2019, 09:45:31 PM *
News: If you like a topic and you see an orange "bump" link, click it. More info.
 
   Home   Help Search Login Register More  
Poll
Question: Should there be an option to get an e-mail notification upon logging in
Yes - 18 (94.7%)
No - 1 (5.3%)
Total Voters: 19

Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Create an option to get an e-mail notification someone logs in  (Read 753 times)
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 686
Merit: 2702



View Profile
June 05, 2019, 04:18:14 PM
 #21

An email notification when someone logs into an account could be useful in order to act as quick as possible. This could have it’s tweaks such as only notify when you do so from a new IP (to delimit the number of notifications), and have an opt-in option to activate it.
I think this is the neatest solution. We know from theymos' topic Retention/privacy info and from the page https://bitcointalk.org/privacy.php that your IP is logged for at least 3 months, and partially up to 2 years. It would be fairly easy to implement a simple check upon login of the current IP compared to all previous IPs, and fire off an email notification if the IP is brand new. That would stop users who wanted this option from being flooded with emails. The obvious drawback here is that it wouldn't work well with Tor or anyone who frequently rotates to new VPN servers.

1568583931
Hero Member
*
Offline Offline

Posts: 1568583931

View Profile Personal Message (Offline)

Ignore
1568583931
Reply with quote  #2

1568583931
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
suchmoon
Legendary
*
Offline Offline

Activity: 2072
Merit: 3913


Pedal-powered plaguebot


View Profile
June 05, 2019, 04:39:05 PM
 #22

it wouldn't work well with Tor or anyone who frequently rotates to new VPN servers.

Perhaps add another alert for user agent then. I bet no hacker would guess that my browser is "NCSA_Mosaic/1.0 (Windows 3.1)".

Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1904
Merit: 1745



View Profile WWW
June 05, 2019, 04:54:53 PM
 #23



Edit: I forgot to take a screen shot of the previous poll. It was 9 to 5 in favor of adding an option to get e-mail notification when sending a PM.
If you are infected with malware, it is possible someone could access your account without logging in. The hacker could possibly access your account locally on your computer, or they could copy the cookie used to validate you and logged in.

Find the fire hydrant in my Avatar for a prize.
bones261
Legendary
*
Offline Offline

Activity: 1680
Merit: 1695


KnowNoBorders.io


View Profile
June 05, 2019, 06:05:28 PM
 #24

If you are infected with malware, it is possible someone could access your account without logging in. The hacker could possibly access your account locally on your computer, or they could copy the cookie used to validate you and logged in.

Well, I realize that my proposed solutions won't make someone's security foolproof.  Just another pesky pawn that one could place to get in the way of the hacker's queen.

   ▄▄██████▄▄
  ████████████
███▄▄
 ██████████████▀▀▀██▄
████████████████   ▀██▄
████████████████     ▀██
██████████████       ██▌
██████████████        ▐██
██▌▀▀██████▀▀         ▐██
▐██                   ██▌
 ██▄                 ▄██
  ▀██▄             ▄██▀
    ▀██▄▄▄     ▄▄▄██▀
      ▀▀█████████▀▀
MAIN CLUB
PARTNER of
W A T F O R D  FC
Industry Leading Crypto Sportsbook
|
SPECIAL
WATFORD FC
PROMOTIONS
|
UNIQUE
CONTENT &
GIVEAWAYS
|
▄▄█████████▄▄
▄█████████████████▄
▄██████████▀▀▀▀███████▄
▄█████████▀     ████████▄
▄██████████   ████████████▄
█████████        ██████████
█████████▄▄   ▄▄███████████
███████████   █████████████
▀██████████   ████████████▀
▀█████████   ███████████▀
▀████████▄▄▄██████████▀
▀█████████████████▀
▀▀█████████▀▀
.PLAY  HERE.
[/t
CryptopreneurBrainboss
Hero Member
*****
Offline Offline

Activity: 560
Merit: 773


LiveCoin - is a modern stock exchange


View Profile WWW
June 05, 2019, 06:08:55 PM
 #25

Before I vote, I need to be cleared on the whole idea of email notification, what's the aim of this suggestion, is it that you want to to get notified each time your account get logged into or you're trying to prevent hackers from accessing our account?.

How about recieving this notification only when there is a change in users IP address instead of receiving a notification for every login attempt. Most platform uses this feature and it helps prevent hack attempts.

If the whole suggestion is about preventing hackers from gaining access to your account I don't see the usefulness of a notification when it might be too late before you can do anything about it.

█████████▄           ▄█
▀██▄         ██
▀██▄    ▄▄ ██
▀███ ███ ██
█████████▄        ▀▀ ██
▀██▄      ▄▄ ██
▄█████████ ███ ██
▄██▀          ▀▀ ██
████
█▀            ▄▄ ██
▄██ ███ ██
▄██▀   ▀▀ ██
▄██▀        ██
███████████▀          ▀█




▄▄█
█████
█████
█████
█████
█████

█████

█████

█████


▄▄█
█████
█████
█████
█████
█████
█████
█████

█████

█████

█████
▄▄█
█████
█████
█████
█████
█████
█████
█████
█████
█████

█████

█████

█████
█▄           ▄█████████
██         ▄██▀
██ ▄▄    ▄██▀
██ ███ ███▀
██ ▀▀        ▄█████████
██ ▄▄      ▄██▀
██ ███ █████████▄
██ ▀▀          ▀██▄
██ ▄▄            ▀█████
██ ███ ██▄
██ ▀▀   ▀██▄
██        ▀██▄
█▀          ▀███████████
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1904
Merit: 1745



View Profile WWW
June 05, 2019, 06:13:47 PM
 #26

If you are infected with malware, it is possible someone could access your account without logging in. The hacker could possibly access your account locally on your computer, or they could copy the cookie used to validate you and logged in.

Well, I realize that my proposed solutions won't make someone's security foolproof.  Just another pesky pawn that one could place to get in the way of the hacker's queen.
Having an option to receive an email notification when a PM is sent would be beneficial. Obviously not everyone has a real email attached to their account or activity monitors their attached email.

The email sent to respond to a message contains a link to reply to the message. I can see a lot of people accidentally clicking on the security link when receiving a email saying they just sent a PM, if they are in the middle of a PM conversation.

Find the fire hydrant in my Avatar for a prize.
bones261
Legendary
*
Offline Offline

Activity: 1680
Merit: 1695


KnowNoBorders.io


View Profile
June 05, 2019, 06:38:57 PM
Merited by CryptopreneurBrainboss (1)
 #27

Before I vote, I need to be cleared on the whole idea of email notification, what's the aim of this suggestion, is it that you want to to get notified each time your account get logged into or you're trying to prevent hackers from accessing our account?.

How about recieving this notification only when there is a change in users IP address instead of receiving a notification for every login attempt. Most platform uses this feature and it helps prevent hack attempts.

If the whole suggestion is about preventing hackers from gaining access to your account I don't see the usefulness of a notification when it might be too late before you can do anything about it.

   It appears that some scammers on Telegram are trying to gain confidence from people by telling them they are a bitcointalk member. It appears one scammer may have gotten access to a reputed members account and sent PMs under the member's nose. Unfortunately, for the reputed member, there is really no way to prove definitively that he was "hacked." Now he is being asked to potentially make up for the victim's loss. I just want to make it harder for scammer's to use another person's account on the down low. I realize that e-mail notification is not a fail-safe. However, offering as many tools as possible to give people notification that their account may be compromised is a good thing. I personally don't want to force additional security options on people though. I think it should be up to the person to use the extra tool or not.

   ▄▄██████▄▄
  ████████████
███▄▄
 ██████████████▀▀▀██▄
████████████████   ▀██▄
████████████████     ▀██
██████████████       ██▌
██████████████        ▐██
██▌▀▀██████▀▀         ▐██
▐██                   ██▌
 ██▄                 ▄██
  ▀██▄             ▄██▀
    ▀██▄▄▄     ▄▄▄██▀
      ▀▀█████████▀▀
MAIN CLUB
PARTNER of
W A T F O R D  FC
Industry Leading Crypto Sportsbook
|
SPECIAL
WATFORD FC
PROMOTIONS
|
UNIQUE
CONTENT &
GIVEAWAYS
|
▄▄█████████▄▄
▄█████████████████▄
▄██████████▀▀▀▀███████▄
▄█████████▀     ████████▄
▄██████████   ████████████▄
█████████        ██████████
█████████▄▄   ▄▄███████████
███████████   █████████████
▀██████████   ████████████▀
▀█████████   ███████████▀
▀████████▄▄▄██████████▀
▀█████████████████▀
▀▀█████████▀▀
.PLAY  HERE.
[/t
Joel_Jantsen
Legendary
*
Offline Offline

Activity: 1302
Merit: 1234


Can I merit you with some Flags? 🚩


View Profile
June 05, 2019, 07:09:24 PM
 #28

It appears that some scammers on Telegram are trying to gain confidence from people by telling them they are a bitcointalk member. It appears one scammer may have gotten access to a reputed members account and sent PMs under the member's nose. Unfortunately, for the reputed member, there is really no way to prove definitively that he was "hacked."
One of the hackey ways I could think of is, checking the Last Active option of your account and verifying with your actual Last Active time. OF COURSE, you've to check it without logging in on the website and opening your profile.

Now he is being asked to potentially make up for the victim's loss. I just want to make it harder for scammer's to use another person's account on the down low. I realize that e-mail notification is not a fail-safe. However, offering as many tools as possible to give people notification that their account may be compromised is a good thing. I personally don't want to force additional security options on people though. I think it should be up to the person to use the extra tool or not.
2FA can potentially solve the above issue but we have it coming up in the new forum (hopefully). IP based verification should be used in connection with the login logic. Something what LBC does, if they find youe opening the site from a different IP that doesn't exist before, you're forced to do confirm a link sent in your email.

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 686
Merit: 2702



View Profile
June 05, 2019, 07:44:57 PM
 #29

Perhaps add another alert for user agent then. I bet no hacker would guess that my browser is "NCSA_Mosaic/1.0 (Windows 3.1)".
They will now that you've told them! I'd recommend switching immediately - I use WorldWideWeb/0.18 (NeXTSTEP 3.3).

Some people constantly spoof their user agent, so again, wouldn't work for everyone, but it certainly could be offered alongside the IP option. Between the two of them, I suspect that would cover most people who are worried about it.

It appears that some scammers on Telegram are trying to gain confidence from people by telling them they are a bitcointalk member. It appears one scammer may have gotten access to a reputed members account and sent PMs under the member's nose.
I don't understand how this happened? Did the user in question just give out their password?

bones261
Legendary
*
Offline Offline

Activity: 1680
Merit: 1695


KnowNoBorders.io


View Profile
June 05, 2019, 07:55:28 PM
Last edit: June 05, 2019, 08:17:09 PM by bones261
 #30

It appears that some scammers on Telegram are trying to gain confidence from people by telling them they are a bitcointalk member. It appears one scammer may have gotten access to a reputed members account and sent PMs under the member's nose.
I don't understand how this happened? Did the user in question just give out their password?

Here is the thread in question that I am talking about. https://bitcointalk.org/index.php?topic=5150479.0 I am leaning toward believing that the OP is telling the truth; however, it is possible that it is just an excuse. Unfortunately, no information from the OP on thread to indicate exactly how he may have gotten compromised.
Here is a similar described incident. But I don't think the telegram scammer actually had access to the bitcointalk account to confirm the credentials that he was giving. https://bitcointalk.org/index.php?topic=5148419.0

   ▄▄██████▄▄
  ████████████
███▄▄
 ██████████████▀▀▀██▄
████████████████   ▀██▄
████████████████     ▀██
██████████████       ██▌
██████████████        ▐██
██▌▀▀██████▀▀         ▐██
▐██                   ██▌
 ██▄                 ▄██
  ▀██▄             ▄██▀
    ▀██▄▄▄     ▄▄▄██▀
      ▀▀█████████▀▀
MAIN CLUB
PARTNER of
W A T F O R D  FC
Industry Leading Crypto Sportsbook
|
SPECIAL
WATFORD FC
PROMOTIONS
|
UNIQUE
CONTENT &
GIVEAWAYS
|
▄▄█████████▄▄
▄█████████████████▄
▄██████████▀▀▀▀███████▄
▄█████████▀     ████████▄
▄██████████   ████████████▄
█████████        ██████████
█████████▄▄   ▄▄███████████
███████████   █████████████
▀██████████   ████████████▀
▀█████████   ███████████▀
▀████████▄▄▄██████████▀
▀█████████████████▀
▀▀█████████▀▀
.PLAY  HERE.
[/t
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 686
Merit: 2702



View Profile
June 05, 2019, 08:28:53 PM
 #31

Wow. What a thread.

Unfortunately, no information from the OP on thread to indicate exactly how he may have gotten compromised.
He did say this:
I do logon from hotel wifis when abroad, I don't have much choice if I wanna get online.

If you look at the picture of theymos' PM, you can see he logs in from 5 different USA IPs in less than 12 hours. Assuming he was in New York for a few days, it seems he could well have logged in to dozens of different public WiFis, and then less than a week later, his account is used to scam. As most of us know, if you log in to a public WiFi without any sort of encryption it is entirely possible for that WiFi owner to see absolutely everything you send and receive, including usernames and passwords. I'm not saying this is definitely what happened, but it's a very obvious vector of attack.

suchmoon
Legendary
*
Offline Offline

Activity: 2072
Merit: 3913


Pedal-powered plaguebot


View Profile
June 05, 2019, 09:08:40 PM
 #32

~

Or a keylogger, or an XSS exploit to grab the cookie, or his password was password123, or a salty ex-girlfriend/boyfriend tried to screw him over...

WiFi MITM attack isn't that simple IMO. To extract a password from an HTTPS session you'd need to fool the user into accepting a fake cert, or plant a fake CA.

mangoleaf
Newbie
*
Online Online

Activity: 47
Merit: 0


View Profile
June 05, 2019, 10:47:39 PM
 #33

They can't hold your hand, account security falls on you.  No one to blame but yourself.
bones261
Legendary
*
Offline Offline

Activity: 1680
Merit: 1695


KnowNoBorders.io


View Profile
June 05, 2019, 10:59:33 PM
Last edit: June 05, 2019, 11:14:36 PM by bones261
 #34

They can't hold your hand, account security falls on you.  No one to blame but yourself.

     First of all, let's get something straight. When an account gets hacked, the main blame goes to the hacker. It's not like hackers are some wild predatory animals that just can't control their instincts. I'm not suggesting that Bitcointalk holds people's hands. I'm just suggesting an additional tool for users to implement.

   ▄▄██████▄▄
  ████████████
███▄▄
 ██████████████▀▀▀██▄
████████████████   ▀██▄
████████████████     ▀██
██████████████       ██▌
██████████████        ▐██
██▌▀▀██████▀▀         ▐██
▐██                   ██▌
 ██▄                 ▄██
  ▀██▄             ▄██▀
    ▀██▄▄▄     ▄▄▄██▀
      ▀▀█████████▀▀
MAIN CLUB
PARTNER of
W A T F O R D  FC
Industry Leading Crypto Sportsbook
|
SPECIAL
WATFORD FC
PROMOTIONS
|
UNIQUE
CONTENT &
GIVEAWAYS
|
▄▄█████████▄▄
▄█████████████████▄
▄██████████▀▀▀▀███████▄
▄█████████▀     ████████▄
▄██████████   ████████████▄
█████████        ██████████
█████████▄▄   ▄▄███████████
███████████   █████████████
▀██████████   ████████████▀
▀█████████   ███████████▀
▀████████▄▄▄██████████▀
▀█████████████████▀
▀▀█████████▀▀
.PLAY  HERE.
[/t
Joel_Jantsen
Legendary
*
Offline Offline

Activity: 1302
Merit: 1234


Can I merit you with some Flags? 🚩


View Profile
June 05, 2019, 11:08:13 PM
 #35

WiFi MITM attack isn't that simple IMO. To extract a password from an HTTPS session you'd need to fool the user into accepting a fake cert, or plant a fake CA.
Depends on the type of authentication method used. You can extract session token/JWT's from request headers but again installing the fake cert on your own system and making sure the system accepts it is a very difficult task. Basically, your system will be already compromised if the MITM managed to install a fake cert on the system.

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3514
Merit: 6221


View Profile
June 06, 2019, 06:48:53 AM
Merited by Mitchell (5), bones261 (2), LoyceV (2), chimk (2), Halab (2), DdmrDdmr (2), klarki (1), SFR10 (1), DireWolfM14 (1)
 #36

It's tricky to get email notifications right so that they're not too spammy. Maybe later.

For now, I added this page where you can see your IP logs for the past 30 days: https://bitcointalk.org/myips.php . You could pretty easily write a userscript to periodically check this and warn you if it's weird. (But don't scrape it on every pageload.)

I don't want to make older IP logs automatically accessible because that'd give a hacker a bunch of useful/sensitive information. But 30 days is probably not too harmful.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
jademaxsuy
Member
**
Offline Offline

Activity: 532
Merit: 23

★777Coin.com★ Fun BTC Casino!


View Profile WWW
June 06, 2019, 06:58:42 AM
 #37

OP suggested like a 2 way factor authentication and yes it does sound good to use email rather than a smart phone with its number. A smartphone has disadvantage that whenever it will be stolen the the two way factor will be not be activated and it is the same as like you are also will not be able to access your btc precious account.

Pmalek
Legendary
*
Offline Offline

Activity: 1064
Merit: 1141



View Profile
June 06, 2019, 07:39:55 AM
 #38

Can't the hacker delete the sent PMs from the user's account? When they can send PMs without the knowledge of the user, they can easily delete their own sent PMs as well as we can do now manually.

At the moment they could but in the 2nd part of his post CryptopreneurBrainboss says:
How about the option of making the "save a copy to my outbox" a default setting that can't be changed and message saved in outbox can only be deleted after certain number of days like 30 days period.
This could be useful for the current forum but once the forum switches to the new software, hopefully with a 2FA option, it would no longer be needed.

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
lobcmt2
Full Member
***
Offline Offline

Activity: 420
Merit: 154



View Profile
June 06, 2019, 08:31:48 AM
 #39

This could be useful for the current forum but once the forum switches to the new software, hopefully with a 2FA option, it would no longer be needed.
Theymos stepped in and did hard for forum users. The switch from bitcointalk.org to Epochtalk might be a huge migration (or hugest) in history of crypto forums. Mainly because bitcointalk.org is the biggest and unique crypto forum, for years. I don't know which set of security methods for accounts will be applied in the new forum with 2-factor authentication, but I guess there are three methods: emails, signed message, and 2FA. It will be likely a tripple security method, that is hard for hackers to steal accounts.
fillippone
Sr. Member
****
Online Online

Activity: 462
Merit: 1110


Legendary Member Wannabe


View Profile
June 06, 2019, 08:55:29 AM
 #40

It's tricky to get email notifications right so that they're not too spammy. Maybe later.

For now, I added this page where you can see your IP logs for the past 30 days: https://bitcointalk.org/myips.php . You could pretty easily write a userscript to periodically check this and warn you if it's weird. (But don't scrape it on every pageload.)

I don't want to make older IP logs automatically accessible because that'd give a hacker a bunch of useful/sensitive information. But 30 days is probably not too harmful.

The log looks suspicious,
I have been logging from various locations, but some are definitely out of my recognised range.
Country is the same, but very strange IP locations popping out here and there.
I am going to change my password anyway.
This is the minimum required action.
But anyway this log need some double checking.

Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!