Bitcoin Forum
Author Topic: Is your Bitcointalk password strong enough?  (Read 613 times)
notblox1 (OP)
August 13, 2020, 12:26:09 PM
Last edit: August 13, 2020, 12:55:16 PM by notblox1
Merited by mindrust (5), LoyceV (4), The Sceptical Chymist (2), DdmrDdmr (1)
 #1


https://www.zorrosign.com/passwordless-future/

One of the biggest mistakes you can make is to use simple passwords or the same password for everything.
A simple password can be cracked instantly, so better use some offline password generator to mix all characters and generate a password.
My suggestion is to use strong, long passwords, different for everything including your Bitcointalk account, and make them hard to crack.
Never use the same password more than once!

But even doing all this, if bitcointalk forum gets somehow compromised or hacked again (happened before) someone can steal even our hardest passwords.
Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?




Upgrade00
August 13, 2020, 12:46:31 PM
Merited by notblox1 (1)
 #2

But even doing all this, if bitcointalk forum gets somehow compromised or hacked again (happened before) someone can steal even our hardest passwords.
Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?
The previous hack on accounts was due to an SMF vulnerability exploited through the security question option; it has been disabled since then to prevent a repeat.
2FA has been suggested many times on the forum, but there has been no action taken regarding that. For now you could use it on accounts linked to your profile, such as your email address, to prevent a breach. Also keep your email address private and do not share important links, such as your captcha bypass link.

mole0815
Staff
August 13, 2020, 12:52:53 PM
 #3

Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?

2FA is certainly a topic in the new software. This was also discussed several times in the Epochtalk subforum. Here is an example:

Any chance we get 2fa on this forum? Or perhaps I'm missing it.
On Epochtalk, "Yes"...
  • It's part of "planned features":

Planned Features
 
  • 2-Factor Authentication

Will the forum move?
If you're referring to its domain name, I don't think so [not sure].

And my current password, with between 24 and 28 characters including upper- and lowercase letters and symbols, seems very secure to me according to your table.

Coin_trader
August 13, 2020, 01:03:00 PM
 #4

I will never use a random word generated by that app. It will be very convenient to memorize or save it to a notepad for forum account purposes only. I typically use a standard password with a minimum of 10 characters and at least 1 number, capital letter and symbol. It would take too much time for a hacker to brute force that type of password, and no one will ever attempt to put some effort into hacking an active forum account. Such strong passwords are suggested for those who have been offline for a long period of time, because they are the common target of hackers.

But this password generator was very useful for exchange account passwords. I will definitely use it for mine. Thank you!

Erumo
August 13, 2020, 01:07:52 PM
 #5

This table lacks the option of numbers and upper or lower case letters (a password like "notblox1").
How quickly can that kind of combination be brute forced?

According to the table, if I add "Aaaaaaaaaaaa" to the "notblox1" password, it will be almost impossible to hack this by brute force. If the hacker has an intention to hack you, adding "2FA, OTP or something else" won't help. He'll just wait till his victim fails somewhere and reveals the necessary info to pick the right combination of tools to hack. That is why adding something extra to a long and strong password seems useless.

hd49728
August 13, 2020, 01:11:45 PM
 #6

2fa is certainly a topic in the new software. This was also discussed several times in the epochtalk subforum. here is an example:
2FA has been asked for many times. We might have it in Epochtalk (a new forum software), but when the new forum software will be used is still a big secret.
2-Factors Authentication

Topics | Date | Written by
Can bitcointalk.org get 2 factor authentication? | 17/4/2013 | StevenPine
Why doesn't Bitcointalk support 2FA? | 14/5/2016 | cryptoheadd
2FA on bitcoin talk | 05/9/2017 | dreamer81
Isn't it time to introduce 2FA to enhance user account security ? | 24/3/2018 | DdmrDdmr
Bitcointalk.org 2FA option/feature | 13/11/2018 | tiikol
Should there be an option of adding 2fa for forum accounts? | 30/5/2019 | iamsheikhadil

jademaxsuy
August 13, 2020, 01:31:23 PM
 #7

I guess I do not need to secure my BCT account for it is already secured. I also think that it is not needed because the sale of BCT accounts is discouraged, though it is not prohibited, but with this member rank I guess no one or only a few will be interested in getting this account. I do not see any other reason for the need to get a strong password. Just in case this account gets hacked, then I think I can make another account and will just report that this account was hacked. The only problem is that I will have to start posting again and wait for the time that I could get merit to rank up to jr.member and up to member in rank. Besides, getting merit for an average poster like me is difficult and I need to struggle to get it. However, I could still do good in the forum. I am still working on learning about blockchain and how it could be attained and applied in an existing business. This is an alternative to POS, I guess; if it is possible then surely I will make use of blockchain. POS will be a compliance to the government agency needing it, that is my opinion.

So how strong is my BCT password? LOL. So easy to remember, as easy as 123, let's go!
crwth
August 13, 2020, 01:38:44 PM
 #8

I think it’s quite useful to have a password manager at your side to generate the passwords that are going to be safe. Numbers, upper and lower case letters, and symbols would be the strongest ones for sure, and the longer the password, the better.

Everything concerning 2FA would be in the future, since it has been talked about here many times. I suggest that everyone sign a signature that only the owner has access to and stake it here. It’s to prove that you are the owner if something happens to your account.

mk4
August 13, 2020, 01:55:17 PM
 #9

If the hacker has an intention to hack you, adding "2FA, OTP or something else" wont help. He'll just wait till his victim fails somewhere and reveals necessary info to pick up right combination of tools to hack.

It will help. I can guarantee you, if somebody wanted to hack me, besides getting past my long and complicated-ass password, getting past 2FA would be a HUGE problem for the hacker as the hacker would need to gain access to my physical device to get past that layer.

Things like 2FA are definitely not useless unless you do something utterly stupid/careless like leaking the keys of your 2FA.

OcTradism
August 13, 2020, 02:17:03 PM
 #10

"Prevention is better than cure", so use a strong password that does not have a template format or reuse one of your past passwords; hide your email; use a strong password for your email, and turn on its 2FA.

Forum account: security, privacy, and recovery
[GUIDE] How to Create a Strong/Secure Password
[Guide] How to know if your email address was part of any data breach.
How Scammer tried to Hack my Bitcointalk and how to Protect yourself?
Use protonmail if you can: https://protonmail.com/

stompix
August 13, 2020, 02:41:19 PM
 #11

Of course, using a weak password is clearly a no but at one point I think you have to decide where safety ends and paranoia begins.

I use different passwords on all sites I use. I do have a system of trying to keep them quite memorable and at the same time not easy to guess if one of my accounts gets compromised, but I always have the feeling that the more you try to keep it all secure the more you start to doubt everything. You will, of course, doubt your browser password manager first (which is normal), then the password program manager you've installed as it might be vulnerable to some malware, then you will try writing them down but where to hide them so no visual visit of a friend can uncover them... And even with 2FA, you have to avoid the phone number as an option because of SIM swap attacks... and so on and on.

To be since I'm more interested in having a bulletproof way to recover all my account in case I end up dead drunk at my laptop and share all my passwords on some forum or social network in some stupid challenge the beer ordered me to take.


suchmoon
August 13, 2020, 02:56:35 PM
 #12

bulletproof way to recover all my account

Short of a DNA swab it would suffer from similar issues as password+2FA and can possibly be used as an attack vector in its own right, e.g. Bitcointalk password reset via e-mail can be used by a hacker to get into your account if it's easier to compromise your e-mail account first.

Let's face it, any security measures have limits and it's just a matter of how badly someone wants your account. Password+2FA is good enough for a Bitcointalk account. Password alone - maybe not. Account recovery - meh, reputation of that account is likely shit anyway if it got compromised so might as well forget it.
The Sceptical Chymist
August 13, 2020, 08:41:50 PM
 #13

The previous hack on accounts was due to an SMF vulnerability exploited through the security question option, it has been disabled since then to prevent a repeat.
Maybe it's just my tech ignorance, but I find that statement to be less comforting than perhaps I should have.

OP, I liked that graphic you included in your post, as I'd never seen anything of the sort before.  I'm pretty sure my password is strong enough, and I don't use it on any other websites so I hope I'm secure as far as that's concerned.  Members of bitcointalk should be extra careful about protecting their accounts.  There probably aren't many hackers trying to access members' accounts on other forums like this one, but it's a completely different situation here.  I think it's especially important for newbies to realize this.

Let's face it, any security measures have limits and it's just a matter of how badly someone wants your account.
Agreed, and I don't lose any sleep at night because I'm worried any of my online accounts are going to get hacked.  I do what I can to be secure, and I hope for the best.  What else can you do?

TheBeardedBaby
August 13, 2020, 08:57:32 PM
 #14

What is the point of having strong Bitcointalk password when the weakest link is the email password. Nobody will try to crack your password here, it's easier to hack your email address and there you go.
I'm not saying that the bitcointalk password shouldn't be strong enough but I suggest people focus on their email passwords. Better change them more often or even create a new fresh email address from time to time only to access the forum.

I would love to see the multi-signature approach here: to recover your Bitcointalk password you need to have at least two different emails registered, and until you click both verification links you don't get access.

notblox1 (OP)
August 13, 2020, 09:17:18 PM
 #15

What is the point of having strong Bitcointalk password when the weakest link is the email password. Nobody will try to crack your password here, it's easier to hack your email address and there you go.
I would not agree with you that the weakest link here is the email password.
Someone (a hacker) can send you a PM in the forum (it happened before) with a phishing link. You click on the link and enter your password with login information. No email is used.
A hacker can do a lot of damage before the original user finds out about the hack.

If someone creates a weak password in one place, then he will create weak passwords everywhere.
I was shocked recently when I heard some people use one and only one password for everything...
The weakest link here is human beings.

If you leak your email address you can receive a similar phishing email, but I would not ask anyone to register in the forum with two email addresses.
Adding 2FA (without using SMS) seems a good enough solution for now, but I would like to see some futuristic option including bitcoin blockchain confirmation.


GeorgeJohn
August 13, 2020, 09:56:16 PM
 #16

Yeah, I really like your advice, OP. But in addition to what you said, in order to secure your password or make your password strong so that no one can have access to penetrate your wallets, Bitcointalk account or Facebook accounts, try to use an alphanumerical password such as "aed1575zf" to secure your accounts, because such a type of password is hard to penetrate easily.
Again, try not to use one password for all your accounts, to avoid hackers penetrating your accounts.
Ensure that your email has an alphanumerical password, because hackers penetrate accounts through email.
Everyone, please be careful with the passwords used in bitcoin.

TheBeardedBaby
August 13, 2020, 10:17:50 PM
 #17

What is the point of having strong Bitcointalk password when the weakest link is the email password. Nobody will try to crack your password here, it's easier to hack your email address and there you go.
I would not agree with you that the weakest link here is the email password.
Someone (a hacker) can send you a PM in the forum (it happened before) with a phishing link. You click on the link and enter your password with login information. No email is used.
A hacker can do a lot of damage before the original user finds out about the hack.

If someone creates a weak password in one place, then he will create weak passwords everywhere.
I was shocked recently when I heard some people use one and only one password for everything...
The weakest link here is human beings.

If you leak your email address you can receive a similar phishing email, but I would not ask anyone to register in the forum with two email addresses.
Adding 2FA (without using SMS) seems a good enough solution for now, but I would like to see some futuristic option including bitcoin blockchain confirmation.

Strong passwords protect you only against brute force attempts. In the example you gave it does not really matter how strong a password you are using if you are going to write it down on a phishing link.
I agree that the weakest link is the users most of the time.
Still, I tend to trust Theymos more than some email provider, even after the 2015 hack.

JeromeTash
August 13, 2020, 10:38:23 PM
 #18

After my account got hacked in 2018, I learned lessons the hard way. I literally used to make every mistake most newbies would make: use the same email address and a weak 8-letter password while registering on every shit ICO website out there, until the credentials leaked from one of the websites. Someone managed to access my account and changed the password and linked email address. They would have been able to access my email address too and reset everything if it wasn't for the 2FA that was enabled in there.

That was a rude awakening for me. I had to wait for 6+ months to get my account recovered, and ever since the hack, all my different online accounts have different email addresses, strong different passwords and 2FA enabled where possible.

SiNeReiNZzz
August 13, 2020, 11:00:01 PM
 #19

~CUT~

Many thanks for this!

Great graphics!  
In the bottom right-hand corner, I sort me in.
I will not let it happen, my account get stolen again, for sure!

Just as you've already correctly explained.
Unfortunately, the best password is worth nothing - because everything stands and falls with the security of the forum...

I think, to make it as secure as possible and to protect it from new attacks and thus from theft of passwords, is a high aspiration on the part of the forum operators.
I'm assuming there's been a lot of talk about this...

And I would be interested in your proposals, from the point of view of e.g. theymos or other high staff!
If this has not been a subject so far, there must be some reasons why it is not or cannot be considered...

~CUT~
But even doing all this, if bitcointalk forum gets somehow compromised or hacked again (happened before) someone can steal even our hardest passwords.
Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?

//edited

libert19
August 14, 2020, 03:36:23 AM
 #20

I had an account here before and it got hacked in the last Bitcointalk hack. I was naive back then and had used a very simple 4 worded password ('easy to remember').
