Tips on how to keep your Bitcointalk forum account safe.

[Issa56]

I discovered a thread recently that was created by BetGalaxyADM, accusing one of the reputable escrow service on the forum of collaborating with the scammer, Massively fraudulent Escrow Transaction!. This account BetGalaxyADM was involved in a deal with Burky155 on the forum, and his forum account was compromised. He used an escrow service, and when his account was compromised, the hacker was able to get access to his account and contact the escrow service, requesting the release of funds. The escrow service complied with the request and released the funds without realizing the account had been compromised.
I believe a similar thread about how to secure your forum account has already been started, but I hope this serves as a friendly reminder to forum newbies to protect their forum account from hacking.

I'll offer some advice on how to prevent hackers from accessing your forum account.

1. First of all, when creating a forum account, I recommend using a strong password. Letters, numbers, symbols, uppercase and lowercase should all be included in your password, your password should not be stored in any application or on the internet. For example, it is strongly discouraged to secure your password on your email address. Always make sure you keep your password safe offline, away from any internet access.

2. Avoid clicking on phishing links, do not click on random links you receive on emails or on social media, as these could be phishing attempts to attack your bitcointalk forum account. If you receive a link asking you to verify your forum account or asking you to change your forum password, always ignore messages like that, and you can decide to visit bitcointalk.org and change your password without clicking the link you were sent. Enter your forum details on no other forum than http://bitcointalk.org. Because there are so many phishing attempts going on right now, we must be extremely cautious about the links we click.

3. Always avoid downloading untested software or dangerous files. Always keep your computer safe from malware, dangerous files can easily compromise your device, which hacker can easily have control of your device.

4. Always secure your  email address. You can use 2FA to secure your email address, so that hackers won’t easily have access to your email address. Also, avoid entering your email address on untrustworthy websites, It's always better to have a separate email address for the forum that you won't use on any other websites, so that nobody will be able to hack your email address.  If your email address have been compromised it will be easy to hack your forum account, because the user can easily input your bitcointalk username on the forum and click on reset password, a code will be send to your mail which the user can easily use to access your forum account.

5. Avoid logging in with a random user's mobile device, Nobody can be trusted, incase of emergency and you want to use the forum and you don’t have choice than to use other users device, maybe you are not close to your laptop or due to other reasons, make sure you change your password when you are with your laptop or mobile phone. Some devices will save your username and password, allowing the device owner to easily access your bitcointalk account whenever he wants and increasing the risk of account getting hacked.

6. When creating your Bitcointalk forum account, make sure you don’t use the same username and password for other websites as you do for the forum. Always use a unique username and password so that no one can figure out your login information. Use different username and password from the once you have being using on other websites or forums.

7. You can carefully sign a message with your wallet address as well. This can help you prove ownership of your account in case you fall victim to account hacking, if you can sign a message with your wallet, then you can recover your forum account back.

In conclusion
Account security should be taken very seriously in order to avoid such incidents, because prevention is better than cure.

[1714985237]

1714985237

[1714985237]

1714985237

[1714985237]

1714985237

[1714985237]

1714985237

[1714985237]

1714985237

[Charles-Tim]

You are not wrong, using a strong password, enable email 2FA, avoid login in another person's device, and not using the same username and password on other sites would all help. But once someone is not active on this forum and suddenly become active, or even if the person is active, dealing with such person should be when you have confirmed that his account is not compromised, this can be done either by using PGP encrypted message or telling the person to sign bitcoin address that he had once used on this forum before.

[Welsh]

Most users should already be aware of these recommendations, but also ideally should already be following them. Since, this is what you should be doing for every account you own. I don't quite understand why security isn't taught in IT classes early on in life. I was never taught anything about security, but everything about Microsoft Office, which is kind of funny looking back.

Also, just saying avoid phishing isn't the best advice, since that's obvious. However, going through the steps of verifying a link is what it is would probably be the best approach. Although, I feel like that guide would be better if it was done visually.

[OcTradism]

Forum account: security, privacy, and recovery

No matter how carefully and safely you believe you already done for your forum account, you must have a reserved solution for worst situation. With a good reserved solution, you will be able to recover your account later. That is very helpful and means a lot for you.

Use a strong password for your account, for your email, turn on 2FA for your email and don't forget to stake a Bitcoin address with a signed message on the forum. That address will be one of ownership evidence if you want to recover your account.

[Apocollapse]

I'll add few more tips:
1. Hide your email address from public, go to Profile --> Account Related Settings
2. Never ever participate any bounties, someone might use your address or social media accounts on purpose, so when a scam buster find you've linked to other user and participate in a same campaign, you will get negative feedback.
3. You must use very strong password or update your password regularly e.g. once a month.

[Sandra_hakeem]

What you suggested is absolutely true. Apparently, those precautions are the type that anyone should have known -- coupled with several cases that people have lost/ can't prove ownership of their accounts -- it's should have been an optimistic plan in everyone's mind.
Several users have stayed out lately, unaccounted for, and very little or nothing is done about it because no one can really acertain to some VIABLE informations about them. Sometimes, a user will wake from Hades just to claim am account that has been active for several years, with the mere fact that it was HACKED few years ago.

Now even if that's true (which I'm not sure) has is the case taken? So in cases like this, nothing is done.
I'll advise everyone out there, mostly newbies cus -- I have seen a bunch lately-- to adhere to whatever viable informations that can ensure the safety of their accounts in the future.
Cheers,

Sandra 👩‍🦱

[lovesmayfamilis]

When I saw this topic, I thought that one of the authors of the topic I had already seen had changed its name.
Wasn't everything the OP described written the day before?

https://bitcointalk.org/index.php?topic=5415324.0

Why repeat everything when it has been repeated three hundred times? I did not see any new advice, which would not be in this thread.
It's worth just reading, and everyone will understand that the OP's topic is just a repetition.

https://bitcointalk.org/index.php?topic=5415324.msg61029150#msg61029150

Although yes, both of these topics will soon go down in history. And we'll start all over again.

[AnotherAlt]

It is strongly discouraged to secure your password on your email address.

Who does that these days? It's like you wrote your wallet details on paper and on your table.

Always make sure you keep your password safe offline, away from any internet access.

That's the mistake we make. I saved most of my passwords on my browser, and one of the Addons installed on the browser did something bullshit. After that, my several accounts were accessed from Russian IP. After that, I changed all my passwords. The hacker stole around $20 from one of my casino accounts which were not significant. But, The problem is; he was able to access my account. Since then, I don't save passwords on my browser anymore.

[isaac_clarke22]

4. Always secure your  email address. You can use 2FA to secure your email address, so that hackers won’t easily have access to your email address. Also, avoid entering your email address on untrustworthy websites, It's always better to have a separate email address for the forum that you won't use on any other websites, so that nobody will be able to hack your email address.  If your email address have been compromised it will be easy to hack your forum account, because the user can easily input your bitcointalk username on the forum and click on reset password, a code will be send to your mail which the user can easily use to access your forum account.

Just want to add up that if people cannot keep track anymore on how many websites they registered their email, they can use the website "Have I Been Pwned" to tell if their email address were involved in a certain data breaches.
I had an old email address (not used in this forum of course) that became victim of data breach and now I realized why my Facebook back in 2009 was always being password changed.
I am pretty sure that many of us here are already aware and careful of how we use our email address to different websites, so I would just put this out to people that aren't aware yet.

[Welsh]

Just want to add up that if people cannot keep track anymore on how many websites they registered their email, they can use the website "Have I Been Pwned" to tell if their email address were involved in a certain data breaches.
I had an old email address (not used in this forum of course) that became victim of data breach and now I realized why my Facebook back in 2009 was always being password changed.
I am pretty sure that many of us here are already aware and careful of how we use our email address to different websites, so I would just put this out to people that aren't aware yet.

Unless you plan on using a website for a long time, just use a temporary email address, and then this eliminates any issues that could come from that. Ideally, you wouldn't be using the same password anyway, and therefore that wouldn't be compromised. Obviously, data that you give that website could potentially be compromised, and therefore associated with your email address, which an attacker could leverage or potentially gain more information to carry out a more sophisticated attack. So, there's definitely could reason to use different emails if you do use multiple websites.

Personally, I hardly sign up to anything these days. Kind of sick of every website requiring you to give your data over by signing up.

[BIT-BENDER]

Good advice mate, many people has lost their Bitcointalk forum accounts as a result of very avoidable mistakes and errors, one of this things I would like to talk about is clicking on random links.
If you aren't backed by 2FA you can get caught in this trap.

This works in various ways and it mostly gets people who are desperately searching for earnings. You click the link it takes you off to another site where you are asked to create an account which you then do, and for those who uses same password all the time you make things easier for this scammers. They take record of the password you imputed and then try it on your account.

[Eureka_07]

<snip>
Account security should be taken very seriously in order to avoid such incidents, because prevention is better than cure.

Maybe users can also make use of the "Secret Question" feature which might help you recover the account if it's stolen, though it is mentioned that this is not recommended since it also kind of acts like a second password, I still think that it is fine as long as you create an answer which someone should not be able to guess easily. (was there any history here where a user successfully retrieved the account using this feature?). Probably, in relation to forum security, signed message really will help recovering the account.

[_BlackStar]

Some of the points in the OP are general suggestions that many forum users may have realized. But there's nothing wrong with reminding especially since there are a lot of new users who haven't noticed it yet.

7. You can carefully sign a message with your wallet address as well. This can help you prove ownership of your account in case you fall victim to account hacking, if you can sign a message with your wallet, then you can recover your forum account back.

I believe that sign message will help recover accounts in the event of a hack, but I don't know exactly how many bounty hunters are aware of it. Then, some old users may lose access to the wallet they used before so they will surely fail to sign message from that address. If this is the only way out there, then I'm sure any user who loses access to his wallet will also lose his account ^{[if hacked]} specifically if he can't sign message.

[decodx]

<snip>
Account security should be taken very seriously in order to avoid such incidents, because prevention is better than cure.

Maybe users can also make use of the "Secret Question" feature which might help you recover the account if it's stolen, though it is mentioned that this is not recommended since it also kind of acts like a second password, I still think that it is fine as long as you create an answer which someone should not be able to guess easily. (was there any history here where a user successfully retrieved the account using this feature?). Probably, in relation to forum security, signed message really will help recovering the account.

Isn't the option to recover your password by answering a secret question disabled on the forum? I'm not sure, but I think I read somewhere that if you try to recover your password that way, your account will be locked and you will have to request a manual review and recovery process. (I can't find any details about it now though.)

[Welsh]

Maybe users can also make use of the "Secret Question" feature which might help you recover the account if it's stolen, though it is mentioned that this is not recommended since it also kind of acts like a second password, I still think that it is fine as long as you create an answer which someone should not be able to guess easily. (was there any history here where a user successfully retrieved the account using this feature?). Probably, in relation to forum security, signed message really will help recovering the account.

It's an additional attack surface that could be avoided by just remembering or writing down your password, and storing it in a safe place. That way, is almost entirely secure. Whereas, a secret question could potentially be guess or brute forced. For example, if the forum ever was compromised again (hopefully it won't be) then the hash could potentially be targetted, and if it's not secure enough it could potentially be compromised. If you make your secret question too complicated, then you're probably just as likely to forget it as your password you've set.

[isaac_clarke22]

~

True. I try to keep my work mail away as much as possible from any website if it can be avoided. When I use a third-party app that I would do in my web dev job, I usually try to use a dummy account and would use random characters for the name since Gmail really requires them anyway. Kinda makes it hard though when you are required to connect your work email, lol.

I lost track of all my emails that I used back in 2015, but good thing it never involved any of my personal information.

Personally, I hardly sign up to anything these days. Kind of sick of every website requiring you to give your data over by signing up.

Kind of annoying as well when they're letting you use their web app but then they would require you to sign up to get your output.
"Hey! Want to get/download/export that whole business model you created for your business? Sign up first. You can use Google or FB to sign up. "

[Welsh]

True. I try to keep my work mail away as much as possible from any website if it can be avoided. When I use a third-party app that I would do in my web dev job, I usually try to use a dummy account and would use random characters for the name since Gmail really requires them anyway. Kinda makes it hard though when you are required to connect your work email, lol.

I lost track of all my emails that I used back in 2015, but good thing it never involved any of my personal information.

We've all done it. I imagine most of us have multiple emails that have been lost with time. The good news is from a marketing stand point, most data that's a couple of months old isn't very useful for advertisers so they won't link you up that way. If your emails do have your personal information you've just got to hope that your password was unique, and wasn't used anywhere else. Since, even if you have the strongest password in the world in terms of it being random, if you use it multiple places, and one of those places gets compromised. You could potentially be compromised since that opens up a window of possibilities in terms of attack surface.

Although, you'd be surprised how many websites actually store your personal information, and credentials in plain text.

[Oceat]

I'll add few more tips:
1. Hide your email address from public, go to Profile --> Account Related Settings
2. Never ever participate any bounties, someone might use your address or social media accounts on purpose, so when a scam buster find you've linked to other user and participate in a same campaign, you will get negative feedback.
3. You must use very strong password or update your password regularly e.g. once a month.

Isn't it common to protect your personal account or maybe don't try to login to any other site except the legit one which in most cases are the causes of getting hacked. Then avoid using your personal email to any other site or use the same email on every site you try to register and most of all be wary everything about your account security. That's the first thing someone should do and don't let your account be as common as most newbies here I'm sure that would add some extra security with your account.

Once you created an account explore the settings of your profile down to securing everything to avoid most common problem about hacked account.

[lovesmayfamilis]

Maybe users can also make use of the "Secret Question" feature which might help you recover the account if it's stolen, though it is mentioned that this is not recommended since it also kind of acts like a second password, I still think that it is fine as long as you create an answer which someone should not be able to guess easily. (was there any history here where a user successfully retrieved the account using this feature?). Probably, in relation to forum security, signed message really will help recovering the account.

There was a good story on the vulnerability of security questions. Whoever has the question is practically exposing himself to the possibility of being hacked. If a hacker is puzzled by such a problem, I think by the method of selection, he could do it.
Welsh explained everything well, but for better understanding, I think there will be a few topics of interest that should change their attitude towards setting a security question.

https://bitcointalk.org/index.php?topic=5405459.msg60529210#msg60529210

https://bitcointalk.org/index.php?topic=5242794.msg54280403#msg54280403

[Pmalek]

3. Always avoid downloading untested software or dangerous files.

I will take it one step further. Don't download anything you don't need just because you are curious to test it out or see what it does. "Curiosity killed the cat", remember that. Stick with the stuff you know and you need. When you determine that a file is dangerous based on what it did to your system, it might already be too late and something awful already happened. Keep it far away from you if you don't know what it is.

5. Avoid logging in with a random user's mobile device...

That goes for desktop computers as well. Don't access Bitcointalk from internet cafés because you can't know what the owners have installed on those computers or what the person who used it before you did. Using a friend's PC/phone can also be dangerous. Don't use unsecure WIFI networks. The friend doesn't have to be malicious and want to hack you, but they could be infected with some malware themselves. 

7. You can carefully sign a message with your wallet address as well. This can help you prove ownership of your account in case you fall victim to account hacking, if you can sign a message with your wallet, then you can recover your forum account back.

That message needs to be stored safely as well. If you get your device hacked and someone steals your digital proof, the other person will also gain the ability to sign a message from the same address and ultimately prove they have access to the private key.