webtricks (OP)
Legendary
Offline
Activity: 1918
Merit: 1728
|
|
May 01, 2020, 07:11:05 AM |
|
Account security and anonymity have major importance in crypto gambling industry. I will explain two authentication processes and their pros/cons that an under-development project is considering. Through this thread I want to take views/suggestions of the community on the better of the two processes. Here are the candidates:
Option 1: Email Based Authentication
Under this option, you will be asked by casino to fill username, password and email id on registration. To increase the security, you will be asked to set-up 2FA authentication. To make withdrawal, you have to confirm email id.
Pros: Easy to use and remember system. Easy to retrieve system if password gets compromised.
Cons: Easy to hack and brute-force. Identity may be linked if same email is used somewhere else on web. Always need additional device (phone) to login (for 2FA code).
Option 2: Keys Based Authentication
Under this option, you will be asked to fill username and password on registration. Then a private code (long alphanumeric) will be generated for you and encoded with the help of password you entered in first step. Now you have to store private code somewhere safe. There onward, you have to paste private code and password to login into system.
Pros: Complete anonymity Highest degree of security. No one can hack or brute force your account even if database is compromised.
Cons: Extra care needed to maintain the security of private code. Since code is not saved anywhere on server side, losing code = losing account. One mistake and your account is gone. Impossible to change code. If you give away code to someone over phishing page, etc, then you cannot retrieve/secure the account again.
That's all. Which of the two systems would you prefer as a crypto gambler. Suggestions/views are welcome.
|
|
|
|
Russlenat
|
|
May 01, 2020, 07:17:31 AM |
|
I don't fully understand the option 2 which is the Keys Based Authentication.. As a gambler, I just follow the usual procedure when registering into a gambling site, normally, I make an account, put my email into it and then hit the verification link once I receive it..
Now, every time I access it, I like to secured it into 2FA as I feel it would be safer, not sure if there's a way to hack when you are in control of the 2FA code.
|
|
|
|
Twinkledoe
Full Member
Offline
Activity: 1904
Merit: 138
★Bitvest.io★ Play Plinko or Invest!
|
|
May 01, 2020, 07:30:40 AM |
|
I don't fully understand the option 2 which is the Keys Based Authentication.. As a gambler, I just follow the usual procedure when registering into a gambling site, normally, I make an account, put my email into it and then hit the verification link once I receive it..
Now, every time I access it, I like to secured it into 2FA as I feel it would be safer, not sure if there's a way to hack when you are in control of the 2FA code.
I think this one will fall under option 2 - Keys based authentication though. 2FA is another level of authentication process to verify your account. Option 1 is a weak one to secure your account though it is easy to log in because you don't need additional verification, however, if you are a high roller or just want to make your account more robust and safe from potential hacks, it is always better to add another security layer like 2FA.
|
|
|
|
Jating
|
|
May 01, 2020, 07:33:34 AM |
|
For the sake of discussions and not going into complexity, I would go for Option 2: Key based authentication. My main reason is that it's going to be like protecting your private keys here. At least everything is in your control. And you need to be very careful, because if you don't educate yourself everything will be gone in at instant specially. And since everyone here doesn't want to get your account compromise then obviously as a gambler we need to do everything to protect it by having a good sound and security practices.
|
|
|
|
Bitinity
Legendary
Offline
Activity: 3220
Merit: 1316
|
|
May 01, 2020, 07:46:55 AM |
|
As a common gambler with low bankroll who bet just small amount, I prefer the option #1 as what I usually do so far. It is simple, but I always use different email address for different site. I also use different password for every site where I play. 2FA is a must nowadays for a better security purpose so I'll prefer site where there is 2FA.
|
|
|
|
Vaculin
|
|
May 01, 2020, 07:50:50 AM |
|
I don't fully understand the option 2 which is the Keys Based Authentication.. As a gambler, I just follow the usual procedure when registering into a gambling site, normally, I make an account, put my email into it and then hit the verification link once I receive it..
Now, every time I access it, I like to secured it into 2FA as I feel it would be safer, not sure if there's a way to hack when you are in control of the 2FA code.
I think this one will fall under option 2 - Keys based authentication though. 2FA is another level of authentication process to verify your account. Option 1 is a weak one to secure your account though it is easy to log in because you don't need additional verification, however, if you are a high roller or just want to make your account more robust and safe from potential hacks, it is always better to add another security layer like 2FA. I think you can easily set up a 2FA, I am using AUTHY, this app can be link from my PC to my Phone, so anytime, I want to gamble, I always feel confident that my account will not be hack, the same method I applied on my exchange, both local and international exchanges.
|
|
|
|
Clark05
|
|
May 01, 2020, 08:05:53 AM |
|
Well we know that most of the gambling sited are use the email and I think it is still safe, but for the key Based Authentication is more safe because it is less risk of hacking your account in the gambling sited because the key is only save either to the paper or other documents. Many email now are prone to hack because of the luck security the accounts safety is depends on us.
|
|
|
|
Janation
|
|
May 01, 2020, 08:28:25 AM |
|
I would be on option 1.
I've been using that option for a long time now and I don't have a problem with it. I am just a casual gambler so I don't have any problems with the security since I don't have that much to gamble in the first place. Another thing is that I usually just use the gambling site's faucet so I don't really elevate from 2FA since it doesn't matter really. I have a dummy email for all of my gambling accounts so I don't have a problem with it being connected in a social media account or other site's credentials or logins.
|
|
|
|
Oasisman
|
|
May 01, 2020, 08:29:27 AM |
|
As a small time gambler with not much balance in my account (which I don't usually store crypto in it), sometimes none, I would always choose the 2FA verification. I don't worry much about the security of my account because I am using different email to avoid password and account tracing. Though I must admit, I am using 2-3 the same password from all of my accounts in the internet. I don't usually dig complex account security, unless If I have stored huge amount of money or crypto.
|
|
|
|
RealMalatesta
Legendary
Offline
Activity: 2366
Merit: 1137
|
|
May 01, 2020, 08:31:45 AM |
|
The evaluation of authentication has traveled a long way before what we have right now:
By late 90's it was: username (unique identifier) password email ID || By early 2000's we had: email as unique identifier and password with certain charterers and in length was recommended || Then email/mobile as unique identifier password (with strength notifier: strong/week/neutral) 2FA as optional || Then mobile OTP (no need of password to be set while registration) || Unique identifier (system generated) Password email
I guess the next level should be bio-metric based authentications like already mobile devices are authenticating us.
Every system has own advantages and pitfalls. Basic measurements we must follow for tension-free life: 1. Not using same email/password everywhere to protect identity and to prevent hacks. 2. Knowing well-in advance about account/password recovery processes. 3. Not keeping big balances with your online accounts so that you never need to bother about losing accounts if happens. 4. Keeping log of accounts along with IDs and password and keep this log secured. There are lots of PWD maintaining tools are available in desktop and mobile versions (tools which are working offline are recommended).
What type of authenticating method we prefer is having least weightage but how securely using them by following all the protecting measurements is the actual key here.
|
|
|
|
swogerino
Legendary
Offline
Activity: 3332
Merit: 1248
Bitcoin Casino Est. 2013
|
|
May 01, 2020, 08:48:44 AM |
|
I like to think that only the user is responsible for securing his/her account.Therefore I will always choose 2Fa authentication and I will also make sure I keep a long backup code stored at a safe place(old laptop with linux) this way I have a way to recover if the 2fa is broken in some way.Many 2fa casinos are using google authenticator which allows for a long code as a backup code after you have scanned the 2fa option in the page.
|
| | | | | | | ███▄▀██▄▄ ░░▄████▄▀████ ▄▄▄ ░░████▄▄▄▄░░█▀▀ ███ ██████▄▄▀█▌ ░▄░░███▀████ ░▐█░░███░██▄▄ ░░▄▀░████▄▄▄▀█ ░█░▄███▀████ ▐█ ▀▄▄███▀▄██▄ ░░▄██▌░░██▀ ░▐█▀████ ▀██ ░░█▌██████ ▀▀██▄ ░░▀███ | | ▄▄██▀▄███ ▄▄▄████▀▄████▄░░ ▀▀█░░▄▄▄▄████░░ ▐█▀▄▄█████████ ████▀███░░▄░ ▄▄██░███░░█▌░ █▀▄▄▄████░▀▄░░ █▌████▀███▄░█░ ▄██▄▀███▄▄▀ ▀██░░▐██▄░░ ██▀████▀█▌░ ▄██▀▀██████▐█░░ ███▀░░ | | | | |
|
|
|
rhomelmabini
|
|
May 01, 2020, 08:50:57 AM |
|
I voted for option because I know that's the best one to secure your accounts but there are platforms that offer both to have not just 1 option. If there is an option for both I guess I'll go for that.
Both have flaws and advantages but overall that depends on the individual securing his/her personal information.
|
|
|
|
fortunecrypto
Legendary
Offline
Activity: 2562
Merit: 1048
|
|
May 01, 2020, 09:33:04 AM |
|
I prefer the email based security I find it more safer as long as you know how to secure your email, I have two factor authentication and phone verification, compare to keys you need to find a good place to store it, many of us store their keys to their email.
|
|
|
|
btc_angela
|
|
May 01, 2020, 09:44:38 AM |
|
At the level of my gambling experience, I would say that Option 2 will be good.
However, I usually don't play that huge amount though, so personally I will pick Option 1, much easier for me to maintain. So. I guess the answer should be how much money you are spending in our online gambling. If you are a whale then definitely Option 2 will be better for you. But if you are just a recreational gambler, Option 1 will fit you much better.
|
|
|
|
abel1337
Legendary
Offline
Activity: 2492
Merit: 1145
Enterapp Pre-Sale Live - bit.ly/3UrMCWI
|
|
May 01, 2020, 09:52:49 AM |
|
For a gambling site, It's absolutely better to choose the key-based authentication if we are aiming for the security that we are aiming for. But for me, I don't really use key-based authentication on a gambling site because I am fine using email authentication plus 2-fa. So far I am not losing any funds by being hacked. To be honest, using email authentication for me is less hassle to use. I'm fine having the 2-fa because it's my daily procedure on every account that offers 2-fa security.
|
|
|
|
YuginKadoya
Legendary
Offline
Activity: 3038
Merit: 1169
|
|
May 01, 2020, 10:17:16 AM |
|
Option 2 for me even though option 1 has an easy and more noticeable type of security Anonymity beats them all but you will need to be very careful is using this kind of security because you yourself might forget your private key very easily but the safety of your account is at hand here and you can be sure that it will not gonna end up in a hack brute force!
But you will need extra care and you will need a back up if you would lose or forget your private-key other than that most people prefer a more complicated system but you can always be sure about strong security it has.
|
|
|
|
Becky666
|
|
May 01, 2020, 10:24:11 AM |
|
Keybase ofcourse, there are many ways and options one can manipulate to expose your identity on the web. What had me challenged backed then was my investment on a platform that went down without my notice in 2015. Then, I used option one(email and 2fa) this couldn't help me even though I tried my humanly possible best to protect my investment. There is a saying that" no system is safe online " this facts are true, due to this, option two is better and secure, if you're investing a huge amount of funds online.
|
|
|
|
acroman08
Legendary
Online
Activity: 2506
Merit: 1112
|
|
May 01, 2020, 11:00:01 AM |
|
I am prone into forgetting password, pins or codes and I already lost 1 account that has some fund deposited on it that's why I prefer option 1, I am a casual gambler and never put a lot of fund on any gambling site account that I play on and I only use a dummy email account(which I highly recommend for other casual gamblers like me) to use for registering so I am not worried about my identity or important information being leaked or stolen.
|
|
|
|
seleme
Legendary
Offline
Activity: 2772
Merit: 1028
Duelbits.com
|
|
May 01, 2020, 11:01:31 AM Last edit: May 01, 2020, 11:08:19 PM by seleme |
|
Three types of security: - Something you know-password which is easily hackable
- Something you have- 2FA apps installed on Android phone
- Yourself- Fingerprint or eye scanning
The last choice is the best one but it is also hackable and there are weak points, I will go for the second option.
|
|
|
|
AakZaki
Legendary
Offline
Activity: 2338
Merit: 1084
zknodes.org
|
|
May 01, 2020, 11:04:02 AM |
|
The second option is still the best choice, I myself use it. When I put a considerable amount of money in the gambling or exchange platform, it is compulsory for me to install Keys Based Authentication.
However, if I only enter a few USD, then I use Email Based Authentication. The point is that when there is enough money I deposit, I have to use Keys Based Authentication. For the sake of maintaining the security of my assets,
From the cons side of Keys Based Authentication, I am aware of all that, because there is indeed no tolerance for keeping funds safe. So I have to prepare everything carefully.
|
|
|
|
|