Bitcoin Forum
Author Topic: || Problem on losing/hack of accounts  (Read 250 times)
Danydee (OP)
Legendary
Activity: 2576
Merit: 1248
November 30, 2019, 02:13:34 AM
#1

Just by accessing the account you can freely change the email address linked to it (when you know the password). So that creates a situation where any hacker who gets the password can easily and systematically appropriate the account. That increases the number of hacked accounts significantly and makes the process of recovering them pretty hard.

This could easily be palliated by requiring a confirmation from the existing email address, or, for email accounts that can no longer be reached or have trouble receiving mail, by setting a minimum time delay before the change to the new email address takes effect.

Gyfts
Legendary
Activity: 2758
Merit: 1512
November 30, 2019, 02:32:03 AM
Merited by SFR10 (1)
#2

This could easily be palliated by requiring a confirmation from the existing email address, or, for email accounts that can no longer be reached or have trouble receiving mail, by setting a minimum time delay before the change to the new email address takes effect.


I imagine one of the main reasons people would change the email associated with their account would be that they don't have access to the original account which would mean this method wouldn't work.
jackg
Copper Member
Legendary
Activity: 2856
Merit: 3071
November 30, 2019, 02:42:01 AM
#3

I thought there was a cooling off period for email changes? Like 7 days or something already?

So you could lock an account if the email/password were changed.
Blacknavy
Legendary
Activity: 1218
Merit: 1291
November 30, 2019, 04:22:38 AM
#4

I thought there was a cooling off period for email changes? Like 7 days or something already?

So you could lock an account if the email/password were changed.

Yes, it should be 14 days.
SFR10
Legendary
Activity: 2982
Merit: 3409
November 30, 2019, 05:19:52 AM
#5

This could easily be palliated by requiring a confirmation from the existing email address, or, for email accounts that can no longer be reached or have trouble receiving mail, by setting a minimum time delay before the change to the new email address takes effect.
"Gyfts" made a great point. Also, 2FA [with an authenticator app] would be a better option [it has its own pros and cons], and it's listed under "Planned Features" for our new forum.



Danydee (OP)
Legendary
Activity: 2576
Merit: 1248
November 30, 2019, 02:08:22 PM
#6

I thought there was a cooling off period for email changes? Like 7 days or something already?

So you could lock an account if the email/password were changed.

Yes, it should be 14 days.
I think, at a minimum, it should depend on the login statistics (device, IP, whether the account just woke up...).



This could easily be palliated by requiring a confirmation from the existing email address, or, for email accounts that can no longer be reached or have trouble receiving mail, by setting a minimum time delay before the change to the new email address takes effect.
"Gyfts" made a great point. Also, 2FA [with an authenticator app] would be a better option [it has its own pros and cons], and it's listed under "Planned Features" for our new forum.

One could use PGP, or maybe just signing from a BTC address: ask the user to sign a message auto-generated for an address. No need for an app, just access to the address...



lulucrypto
Sr. Member
Activity: 709
Merit: 335
November 30, 2019, 06:37:16 PM
#7

I imagine one of the main reasons people would change the email associated with their account would be that they don't have access to the original account which would mean this method wouldn't work.

As @Gyfts says I also think it's for those who lose access to their email, that the system works this way.

One solution would be to have some kind of retraction time ( A week ? A month ? ).
For this solution to work, it would be necessary first to send an email alert on the old email, and in the email, it would include a link to cancel the change of email.

It would not be very complicated to develop, and I think it would add real security to the forum :)

Danydee (OP)
Legendary
Activity: 2576
Merit: 1248
November 30, 2019, 07:18:04 PM
#8

A month, or maybe more. However long it is, it may not be enough.

coupable
Hero Member
Activity: 2338
Merit: 757
November 30, 2019, 07:19:12 PM
#9

@Lulucrypto "Ownership change for accounts" works in the way you described. So it's possible to change the email if have no access to the original one, and cancel the change process using the original email if the account is compromised.
As an extra protection against any possible social engineering attacks, whenever* the administration changes an account's email address from its current value, the following process occurs:
 - The change is queued.
 - It is listed in seclog.php.
 - The old email receives a warning.
 - After 7 days, the change goes through and another seclog.php entry is added.

The account stays locked throughout all of this.

Hopefully it will be essentially unheard of, but if an account is going to be incorrectly transferred, everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.

* Admins can act outside of procedure and bypass the queue if necessary, but hardly ever will.
This system has been in place for about a year. It is not so different from the old one, except for displaying data in Seclog, and if your account is hacked you have 14 days to lock it through the original email.
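The queued change with a cancel link that lulucrypto sketches in #7 and that the procedure quoted in #9 describes can be written down as a small state machine. The block below is an added example, not Bitcointalk's code: the change is queued and logged, only the old address is warned (with a cancel link), and the change takes effect after a delay. Losing the old mailbox does not block the change, since it goes through anyway once the window passes, while a hijacker's change can be cancelled from the old mailbox, which also locks the account. The 14-day window, the token scheme, the log format, the `Account` class and the sample clock `T0` are assumptions made for this example.

```python
"""Email-change queue with a cancellation window.

Added example, not Bitcointalk's code. It models the flow described in the
thread: the change is queued and logged, the old address gets a warning that
carries a cancel link, and the change takes effect only after a delay.
Losing the old mailbox does not block the change (it simply goes through
after the delay); a hijacker's change can be cancelled from the old mailbox,
which also locks the account. The delay, the token scheme, the log format
and the sample times are assumptions made for this example.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

COOLING_OFF = timedelta(days=14)          # assumed; the thread mentions 7 and 14 days
T0 = datetime(2019, 11, 30, tzinfo=timezone.utc)   # constructed sample clock
DAY = timedelta(days=1)


@dataclass
class Account:
    name: str
    email: str
    locked: bool = False
    pending_email: Optional[str] = None
    pending_since: Optional[datetime] = None
    cancel_token_hash: Optional[str] = None
    seclog: list = field(default_factory=list)   # stands in for seclog.php
    outbox: list = field(default_factory=list)   # stands in for SMTP


def _log(acct: Account, now: datetime, event: str) -> None:
    acct.seclog.append((now.isoformat(), event))


def request_email_change(acct: Account, new_email: str, now: datetime) -> str:
    """Authenticated request; the caller has already checked the password.
    Returns the raw cancel token only so that a test can drive the flow;
    in a real system it leaves the server solely inside the warning email."""
    if acct.locked:
        raise PermissionError("account is locked; contact the admins")
    if acct.pending_email is not None:
        raise ValueError("a change is already queued")
    token = secrets.token_urlsafe(32)
    # store only a hash: a database leak must not let anyone cancel or forge
    acct.cancel_token_hash = hashlib.sha256(token.encode()).hexdigest()
    acct.pending_email = new_email
    acct.pending_since = now
    _log(acct, now, f"email change queued: {acct.email} -> {new_email}")
    # the warning goes to the OLD address only, and carries the cancel link
    acct.outbox.append((acct.email,
                        f"Email change to {new_email} requested; it takes effect "
                        f"after {COOLING_OFF.days} days. Not you? "
                        f"Cancel: /cancel?token={token}"))
    return token


def apply_pending_change(acct: Account, now: datetime) -> bool:
    """Cron-style job: promote the pending address once the window has passed."""
    if acct.pending_email is None or acct.locked:
        return False
    if now - acct.pending_since < COOLING_OFF:
        return False
    _log(acct, now, f"email change applied: {acct.email} -> {acct.pending_email}")
    acct.email = acct.pending_email
    acct.pending_email = acct.pending_since = acct.cancel_token_hash = None
    return True


def cancel_email_change(acct: Account, token: str, now: datetime) -> bool:
    """Handler for the link in the warning email. Whoever queued the change
    knew the password, so a cancellation also locks the account."""
    if acct.cancel_token_hash is None:
        return False
    digest = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(digest, acct.cancel_token_hash):
        _log(acct, now, "cancel attempted with a bad token")
        return False
    _log(acct, now, f"email change to {acct.pending_email} cancelled; account locked")
    acct.pending_email = acct.pending_since = acct.cancel_token_hash = None
    acct.locked = True
    return True
```

The token is never sent to the new address, so someone holding only the password can neither cancel nor shorten the window; the one-time token is compared in constant time and stored hashed so a database leak does not hand it out. An account locked this way is reopened by the admins after a manual identity check, which is the part of the thread's procedure that stays human.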
bittraffic
Hero Member
Activity: 2926
Merit: 612
November 30, 2019, 08:12:15 PM
#10

This could easily be palliated by requiring a confirmation from the existing email address, or, for email accounts that can no longer be reached or have trouble receiving mail, by setting a minimum time delay before the change to the new email address takes effect.


I imagine one of the main reasons people would change the email associated with their account would be that they don't have access to the original account which would mean this method wouldn't work.


And this, I guess, is the reason why posting a BTC address and signing a message is important for the users here. However, we can also see how slow the recovery of hacked accounts is. For now the only solution is to just remember your password and the address you have posted here in the forum with which you can sign a message; afaik an ETH address is acceptable right now when you sign a message.





Danydee (OP)
Legendary
Activity: 2576
Merit: 1248
November 30, 2019, 09:27:19 PM
#11

This could easily be palliated by requiring a confirmation from the existing email address, or, for email accounts that can no longer be reached or have trouble receiving mail, by setting a minimum time delay before the change to the new email address takes effect.


I imagine one of the main reasons people would change the email associated with their account would be that they don't have access to the original account which would mean this method wouldn't work.


And this, I guess, is the reason why posting a BTC address and signing a message is important for the users here. However, we can also see how slow the recovery of hacked accounts is. For now the only solution is to just remember your password and the address you have posted here in the forum with which you can sign a message; afaik an ETH address is acceptable right now when you sign a message.




(Optional) Automatic signed-message verification could be a great 2FA option!
Imagine 'Bitcointalk' being the first to do it.

JeromeTash
Legendary
Activity: 2128
Merit: 1210
November 30, 2019, 10:10:37 PM
#12

I also observed the same thing when my account got hacked back in mid 2018. The person just easily changes your email address so long as they know your account's password.

I think, to avoid the problem of locking someone out of their account in case they genuinely wanted to change their email address, the email address change without authorization through the original email should be based on IP logs.

If a sudden request for an email address change was made from an unfamiliar IP address, the system would then be automatically triggered to ask the user to first authorize the email address change through a link from the original email address.


coupable
Hero Member
Activity: 2338
Merit: 757
November 30, 2019, 10:49:55 PM
#13

The email address change without authorization through the original email should be based on IP logs.

If a sudden request for an email address change was made from an unfamiliar IP address, the system would then be automatically triggered to ask the user to first authorize the email address change through a link from the original email address.
This means that if I lose access to my original email I will not be able to change it. The message sent to the original email shouldn't <isn't> be for ownership change confirmation but only to cancel the change if the change is made by a hacker.
IP logs can be used to prevent hack attempts, but I don't think there is an urgent need for it, as the actual system is working well.
lulucrypto
Sr. Member
Activity: 709
Merit: 335
November 30, 2019, 11:01:25 PM
#14

@Lulucrypto "Ownership change for accounts" works in the way you described. So it's possible to change the email if have no access to the original one, and cancel the change process using the original email if the account is compromised.
As an extra protection against any possible social engineering attacks, whenever* the administration changes an account's email address from its current value, the following process occurs:
 - The change is queued.
 - It is listed in seclog.php.
 - The old email receives a warning.
 - After 7 days, the change goes through and another seclog.php entry is added.

The account stays locked throughout all of this.

Hopefully it will be essentially unheard of, but if an account is going to be incorrectly transferred, everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.

* Admins can act outside of procedure and bypass the queue if necessary, but hardly ever will.
This system has been in place for about a year. It is not so different from the old one, except for displaying data in Seclog, and if your account is hacked you have 14 days to lock it through the original email.

Oh, my mistake, I did not know about that.

So, if I understand correctly (following Theymos's presentation), the process does not seem automated?
In case of a problem, we have to manually contact Theymos to trigger the process of restoring the old one?

Am I wrong?

coupable
Hero Member
Activity: 2338
Merit: 757
November 30, 2019, 11:13:24 PM
#15

Oh, my mistake, I did not know about that.

So, if I understand correctly (following Theymos's presentation), the process does not seem automated?
In case of a problem, we have to manually contact Theymos to trigger the process of restoring the old one?

Am I wrong?
No, it's not automatic, and all steps are supposed to be made manually. There is a dedicated team called "Cryptios" who is working on this with Cyrius [stuff]. Contact with them can be made using email; they also have forum profiles, but I doubt they accept change requests through forum PMs.
lulucrypto
Sr. Member
Activity: 709
Merit: 335
December 02, 2019, 02:36:36 AM
#16

Oh, my mistake, I did not know about that.

So, if I understand correctly (following Theymos's presentation), the process does not seem automated?
In case of a problem, we have to manually contact Theymos to trigger the process of restoring the old one?

Am I wrong?
No, it's not automatic, and all steps are supposed to be made manually. There is a dedicated team called "Cryptios" who is working on this with Cyrius [stuff]. Contact with them can be made using email; they also have forum profiles, but I doubt they accept change requests through forum PMs.

Okay, it's a shame that the process is not automated; it would not be very difficult to develop a script to automate the whole process.

Then again, I would say that it keeps some control over the process, which amounts to a gain in additional security.
