How I almost lost my account.

[JiiBs]

Negligence can ruin all your hardwork

Now this wasn’t a hack attempt but, as a result of my own negligence that would have proven very costly.

When I joined the forum, I experienced an unforseen difficulty which turned out to be the norm for most new users here. This i expressed in a post I made about Evil fee (Safe means please and Evil IP).
At this point, I already had some triers with what I had then as intended details without success so, I had to proceed with just anything that came to mind.

Now, some of the things I did wrong was:
1. Completely randomizing my mail address as, i noticed from other triers that, verification mails wasn’t sent so, I used a throwaway mail address.
2. My password was completely picked at random as, it was supposed to be temporal.
3. I didn't have the mail address logged in on my device.

Why am I on this narrative;
Earlier today I woke up to what seemed like a nightmare. I tried logging into the forum as I’ve been inactive for a couple of days and as a result, my browser already logged me out.
After inputting my username, I typed in my password and it came out incorrect. I tried a different combination and it still was incorrect. At this point, I knew I was in for real trouble.
I proceeded to get a notepa, wrote down all I thought could be the right combination, input each of them and each time, it came out as incorrect.  After a good number of triers, by default the site sent a mail for password reset as, password recovery was off the books but, I didn't have the mail address logged in. I proceeded to try other combinations until I was told to have exceeded my allowed number of logins and should check back later.

At this point, I was completely exhausted and had to take some rest, it was already 14 O'clock. I later woke up, thought of things I could have done differently and means to recover my account but, without any insurance in place to prove ownership,  I knew my chances if I couldn't arrive at the right combination was almost zero.

When woke about an hour after, I tried again but, I couldn't go for anything different and as such, the password was still incorrect. Then, I went against my will to try what I didn't beleive would be it and then, I was live on my account again. A huge sigh of relief enveloped me in entire. Thoughts of changing the password to something familiar and that which am used to was the next thing but, I chose to be calm and not be hasty about it.

How I got to forget:
I'm not always active here but, am trying to be and the random nature to the details of my account creation wasn't sticky just yet.

What I could have done to avoid this:
1. Proceed to change my details to what isn't picked at random and what I would be familiar with but, I didn't do that at the time.
2. Have my password saved on my devices mail address for auto logins but, this offers a different form of challenge to security and as such, I ignored it.

What have I done to avert this:
1. Create and have a proper mail address to the account.
2. Create a strong password combination.
3. Writing down my important detail to keep it safely.

What am yet to do but find very necessary and would do:
1. Generate, sign and stake a Bitcoin address to this account.
Edited:
Finally got to sign  an address and stake it on meta to mark my account and for reference.

Code:

Message: I am JiiBs on Bitcointalkforum, today is 4th June, 2024. I claim ownership of this account with this address
Address: bc1q8xv4j607vml83fgq8a7cz9ydzs2h0x305lk3ky
Signature:  IG7gZa2GVW4TKvjunpxDH/evkW2Ks8Nl5rQn5GG+OLFPGzoYMgRlwkgq3AC4Wgd9uObhGnnEC1AofRULrQzYYEA=

Though this might be out of my care freeness and was yet to discover just how important and attached this account might be for me, I do hope some users here don't and are not making the same mistakes as I did. It feels very terrible to be in that position or having to recall what your not sure off. Don't procrastinate on what need be down and be sure to follow safe means to account security.


Just after concluding this thread, I see a user seeking help on forgotten password on meta. Forgot password. Assistance needed. from the user Ambatman. That's to say, it could happen to anyone and so, there is a need to take precaution.

[Potato Chips]

What made you use throwaway email for this op? as I only use such for accounts I never cared much or willing to throwaway. If you're worried about exposing your email address, perhaps an email alias service could be of some use to you.

Perhaps you might be interested on password managers like keepass.info? this made things so much more convenient for me as I only need to remember one password to access hundres of my accounts lol. Plus your keepass database is stored locally and is encrypted. Passwords are also better off randomized though computer generated would be better than humans which fortunately, keepass also offers.

[Rruchi man]

Perhaps you might be interested on password managers like keepass.info? this made things so much more convenient for me as I only need to remember one password to access hundres of my accounts lol.

It is scary to think about, because if someone is able to get your one major password, they will have access to all your passwords.

I would prefer to use the biometric options like fingerprint and facial recognition for better security if these password managers have it for access, that will make it more difficult for someone other than me to gain access.

[JiiBs]

It is scary to think about, because if someone is able to get your one major password, they will have access to all your passwords. I would prefer if these password managers have the biometric option like fingerprint and facial recognition in addition to passwords for access, that will make it more difficult for someone to gain access.

That’s one of the reason why I didn’t go with the offer from the mailing company to have my password saved with them. A hack on the company or a hack on my mail account could mean a compromise on all my details.
It’s an option still as, at some point, I wished I had it in place but, it didn’t matter anymore after I finally got the correct combination.

Meanwhile, having a Biometric or Face scanner to this doesn’t mean ultimate security even. You still get to save the codes on there ledger/data base and the Biometric verification or face scanner is just a means of access from your device. It doesn’t stop a hacker from hacking the mailing company directly.

Biometric and Face scanner don’t necessarily means best practices to security. In fact, these can be flawed and some one close to you with access to your device could easily show your screen to your face or press your prints to the scanner and your device is open to them.

[BlackBoss_]

What made you use throwaway email for this op? as I only use such for accounts I never cared much or willing to throwaway. If you're worried about exposing your email address, perhaps an email alias service could be of some use to you.

theymos advised that if user didn't use an actual email for account registration, a throw away or non existing email for registration, that user can change it to an email address with the forum domain. It's safer.

Make sure that your email address is secure. If you don't want to set an email address, use something like yourUserName@invalid.bitcointalk.org; don't use a random nonsense email like y@x.com, since somebody might create that domain/email.

Perhaps you might be interested on password managers like keepass.info? this made things so much more convenient for me as I only need to remember one password to access hundres of my accounts lol. Plus your keepass database is stored locally and is encrypted. Passwords are also better off randomized though computer generated would be better than humans which fortunately, keepass also offers.

[Guide] How to create and use a strong password?

Keepass is available for Android too.
https://keepass.info/
https://keepassxc.org/download/#windows
https://play.google.com/store/apps/details?hl=en&id=com.android.keepass

https://pwsafe.org/
https://proton.me/pass

Avoid LastPass because they have security incident.

[Churchillvv]

Although the whole scenario would be sum up with a few words " Be careful of how you treat things, make a good backup for your passwords" etc but you deem it necessary to explain in details how come about the thread.

Personally I don't like the idea of saving passwords on the internet for any reasons. Just imagine that I saved the password to my email that I use for very important part of my life online and one of the sites it's saved in is compromised and everything I have in the mail got hijacked? So I advise you have a password backup book, diary etc where you can write most things down in a book and not just one maybe two at least incase one gets missing which is not supposed to happen but that other will remain.

Perhaps you might be interested on password managers like keepass.info?

I don't encourage saving passwords with third parties like this because it's more risky than it being lost in your hands than to some kind of hackers.

Have you thought of what happened to Laspass? That's just to tell you that none is save expect your own personal backup.

[Plaguedeath]

I would say all mistakes you did are stupid mistake, so it will not be a concern to other users.

I also can add another one stupid mistake, I forget my login details and I didn't have any back up, then I sold my device.

So I advise you have a password backup book, diary etc where you can write most things down in a book and not just one maybe two at least incase one gets missing which is not supposed to happen but that other will remain.

A better way you can buy steel plate or anything that can resist against fire, corrosion etc just like you back up your seed phrase.

[Ultegra134]

Good thing you were able to login back to your account; losing it and not having a way to recover it would suck, and if you hadn't staked your Bitcoin address, it would practically be impossible. I still don't understand why you used a temporary email address, though. I get it not to use your main address, which may also include your name on it, but a completely temporary address you'll never be able to access again is a little careless. And why didn't you change that sometime after your registration? Anyway, the good thing is that you have your account, and I see that you've now changed your email, so I'm guessing you're safe from it happening again.

Unless this was all a sob story excuse to change email because you sold your account! Haha, I'm joking.

[Potato Chips]

It is scary to think about, because if someone is able to get your one major password, they will have access to all your passwords.

It's not a fool proof setup ofc but IMO it's still better than getting locked up/resetting frequently.. Especially, if you're like me who has hundreds of accounts I dont use everyday lol

However, if you tend to slack on your personal cyber security then it'll come and bite you lol. Keepass for instance stores the database in your device hence you need to keep it clean at all times. A good tip would be to compartmentalize risky stuff to non-risky stuff e.g. get a device that doesn't connect to internet or at least don't do risky stuff on the same device you do important stuff.

I would also suggest enabling 2FA whenever possible so you have a second layer of protection. However, you must keep it in a separate device to maximize security. In a sense, this is also compartmentalizing -- if the device where your password manager gets compromised, your 2fa is likely to be fine as it is in a separate device/environment.

I don't encourage saving passwords with third parties like this because it's more risky than it being lost in your hands than to some kind of hackers.

Have you thought of what happened to Laspass? That's just to tell you that none is save expect your own personal backup.

Note that keepass is a FOSS that stores data locally and encrypted -- on your device. LastPass on the other hand stores them on cloud hence the data leaks weren't surprising to me. I wouldn't trust a stranger to held such important data either.

[JiiBs]

I also can add another one stupid mistake, I forget my login details and I didn't have any back up, then I sold my device.

So I advise you have a password backup book, diary etc where you can write most things down in a book and not just one maybe two at least incase one gets missing which is not supposed to happen but that other will remain.

A better way you can buy steel plate or anything that can resist against fire, corrosion etc just like you back up your seed phrase.

For real? That must have hurt so badly.
So how did you manage to get your account back or it isn't this account your referring as, the referred account is gone for good.

And why didn't you change that sometime after your registration? Anyway, the good thing is that you have your account, and I see that you've now changed your email, so I'm guessing you're safe from it happening again.

Unless this was all a sob story excuse to change email because you sold your account! Haha, I'm joking.

I wouldn't say I have had the thought of changing my password. The thought has crossed my mind once or twice but, I didn't know where to look at the time but, it didn't take long to find though but for no particular reason, I allowed it. Only to be reminded by its necessity with this forgetfulness.

Sold!!! Good joke man, good joke.
Just to think of it, how is that a thing and how can someone seat back and watch his or her built reputation on an account be destroyed by a new owner, using it for all the wrong reasons because of some dollars. Just how much would that be valued anyway!

[un_rank]

Good thing you have gotten your account back and also good you have made a note to stake a signed address. That is the ultimate account recovery tool, it also validates changes in email address and password so no one would suspect that the ownership of an account has changed hands.

- Jay -

[Faisal2202]

So you did not have access to your email, that's why you were not able to receive OTP to forget the password? Or in order to reset the password you have to talk with admins? Actually, I never faced this situation, I have written my password somewhere safe, but if the case is, that you have to contact admins or support to reset the password then its a time taking thing. Who would want that, I thought the procedure would be like this, we give recovery mail, and we receive OTP, input it, and can set a new password.

Correct me if its the case. I don't know that's why I asked. Besides, your story is a big lesson for all of us, besides taking proper action you have aforementioned, we should also stake out account here as well, in case we lose access to our accounts.

[Die_empty]

What have I done to avert this:
1. Create and have a proper mail address to the account.
2. Create a strong password combination.
3. Writing down my important detail to keep it safely.

What am yet to do but find very necessary and would do:
1. Generate, sign and stake a Bitcoin address to this account.

Everything you have listed is valid. The human brain can malfunction at any time, so we need to have a backup. Writing down your email and password in a paper and keeping them safe is also ideal.

Just after concluding this thread, I see a user seeking help on forgotten password on meta. Forgot password. Assistance needed. from the user Ambatman. That's to say, it could happen to anyone and so, there is a need to take precaution.

I don't think Ambatman has recovered his account because he has not posted since May 16th. But this user was able to recover his account after sometime in this thread, Please Recover My account.

I would say all mistakes you did are stupid mistake, so it will not be a concern to other users.

I don't see it as a stupid mistake. Most members never thought they would be in this forum for this long. I have joined many forums where I lost interest quickly and never became active. Some persons just choose a random email and password to access the forum but don't have any interest in staying at first. Maybe they began to enjoy the forum and decided to stay but forgot to change these important details.

[Stalker22]

So to make a long story short, you used a throwaway email address to register, chose a password at random that you did not write down anywhere and later forgot it, and on top of that, had no recovery method like a staked Bitcoin address? Well, I dont know what to say other than... lesson learned the hard way, I hope.

But this is the part that really intrigued me:

At this point, I was completely exhausted and had to take some rest, it was already 14 O'clock. I later woke up,
~

Do you usually go to sleep at 2 pm? How old are you, if I may ask? 

[Zanab247]

I guess you have learned a lesson from this your ignorance, that almost make you to lose your account because you failed to take time to study the forum very well to understand some of the things that will make your details to be in a safe place.

Now you have recovered your account, I believe you will avoid anything that will make your account to be in danger, and you need to concentrate on the rules and quality post so that you will improve in that aspect.


Assume, you don't write all those things down, it would have been difficult for you to recover your details back because there are some newbies that loss their account to scammers because they displayed their details and they didn't write down their details.

[Uhwuchukwu53]

The op deep explanation why the post is created show how some take certain things so common and later begin to see the benefits or course of getting those things they misplaced as a result of negligence. Security and keeping of details is very important no matter how that document may look like, what you neglect can be of help and one must have a means of securing important documents not just online but manual means.

[Porfirii]

And, with the stats of the OP, it would've been a loss, but imagine if that happened to a Legendary...

Apart from the advice given above, it is also very advisable to post your PGP public address so, if you lose access to your account or you are impersonated, you can probe that you are the rightful owner of the account by simply signing a message.

We cannot expect it from the average newbie, I'm afraid, but as you rank up and learn more and more there is a moment when you learn to do that. Hopefully, not too late...

[Cricktor]

An important step is to enable 2FA to further secure your Bitcointalk account login. I don't know how many users already enabled 2FA for their account here, but frankly why wouldn't you want to do it?

In addition as mentioned earlier, you can stake your PGP public address and/or stake a Bitcoin address and sign a message to prove you control the private key of that address. Both will make account recovery a lot easier and possible at all, should your account ever be compromised or lost.

[Saint-loup]

Why you haven't used an alias service for your email address instead of using a throwaway email box, I don't understand? Using disposable email addresses is dangerous because even when they allow you to set a password it's usually temporary and one day it can be reset and your address will become available to anyone. In addition domains can become unavailable and any attached address can disapear without any possibility to access it again. For the password it's better to use a password manager, nowadays almost all browsers offer a safe one. And if you add the two-factor authentication, you can store your password almost anywhere since it becomes only one part of your way to login.
Besides that, you could have set a secret question first, you wouldn't need to remember your throwaway address.

Secret Question:
To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.
Answer:
Choose carefully, you wouldn't want someone guessing your answer!

https://bitcointalk.org/index.php?action=profile;sa=account

[JiiBs]

Apart from the advice given above, it is also very advisable to post your PGP public address so, if you lose access to your account or you are impersonated, you can probe that you are the rightful owner of the account by simply signing a message.

We cannot expect it from the average newbie, I'm afraid, but as you rank up and learn more and more there is a moment when you learn to do that. Hopefully, not too late...

Am doing my best to be above an average newbie, lol!

I have e successfully signed a Bitcoin address as an added safety measure on my account. I'll update that in OP too so, the rest of you could verify with me.