[Guide] Lessons that every beginners should learn from recent account hack

[TheGreatPython]

When I come across this topic in meta, I am little surprised on learning how people get busy on real life and then forgetting about the basics on securing their bitcointalk account. Beginners may not be enough skilled to secure their account and even legendary members as well might miss like this incident hence decided to list few check points to make sure the security of our bitcointalk account.

In above incident, account holder lost their email due to expiry of it and then hacker created the same email and then easily got access to bitcointalk account.

It means, getting access to our email is very much similar to hacking password. So, we must not show what is our email.

Tip #1
Make sure that your mail is HIDDEN to anyone by ticking this checkbox:
Profile-> Account Related Settings-> Hide email address from public?



Tip #2
Make sure your email is active (and secured in terms of strong password and recovery options).

In recent times, (for example) google announced about deactivating inactive emails. So, it would be always a good practice to frequently keep checking all our email accounts including the one linked to our bitcointalk account.

And always use an alphanumeric password with at least 8 character length with symbols and capital letters. Because such password can be hacked only by 10+ years of brutal force.

Tip #3
Enable two-factor authentication in your bitcointalk account.

(I am mentioning this because it is relatively a new feature to our accounts and with this reason, not everyone is aware of availability of this security measurement).

Profile-> Account Related Settings->Two-factor authentication status:




I am sure that in above hack incident, if that user followed at least any one of these basics, might have prevented the hack.

Also, I like to know if I am missing any other tip to secure my account. I am always open to learn. Thank you all!

[dzungmobile]

Some more things about email address that need to be valid, not an invalid and non-existing one. Because later someone else can create that email address and steal your account.

theymos advised that it's better if you use email address like

Code:

yourUserName@invalid.bitcointalk.org

Make sure that your email address is secure. If you don't want to set an email address, use something like yourUserName@invalid.bitcointalk.org; don't use a random nonsense email like y@x.com, since somebody might create that domain/email.

This is something we recently started doing. If email sent to your email address bounces with an error message like, "This email address doesn't exist", then your email may eventually be changed to u...@bounces.invalid. (It's not possible for users to change their email address to something ending in .invalid, so this can only be an administrative change.) Because your old email didn't exist, somebody could've registered your non-existent email address and used that to steal your account.

[Mia Chloe]

Nice thread op I have a thread like this I created a very long time ago even before the 2FA implementation. Here is the post;

Securing your Bitcoin talk account

[Wiwo]

I made this mistake when I was a newbie, by displaying my email, but sure the forum already did enough to secure your privacy by making new account email hiden by default, unless if the user when to setting to make the email public.

I my own case I was the one that activated my email displayed, until some legendary old members enlighten that time to make my email private, leaving the account setting the way their are is the best way to go about the forum a d not sharing your email in public domain such as filing spreadsheets and the rest.

[SATWAT]

Nice thread op I have a thread like this I created a very long time ago even before the 2FA implementation. Here is the post;

Securing your Bitcoin talk account

As time is running out quickly newbies are also facing many problems so we need to keep things update for them, I have been feeling its good try by the OP for having all things in this thread because recently we are having some troubles for few members due to these mistakes hopefully now they will try to avoid them.

[KingsDen]

I remember when I registered newly here. My email was visible and I was receiving generic messages like;
"Hi, I'm from bitcoin forum, can we get to know ourselves"
"Hello, how long have you been in bitcoin"
I was surprised why I was recieving them in my email instead of in the forum pm. Until an established member advised me to hide my email address.
Most times we overlook the basics and concentrate more on the secondary and lose the primary.

[Adbitco]

I am sure that in above hack incident, if that user followed at least any one of these basics, might have prevented the hack.

Also, I like to know if I am missing any other tip to secure my account. I am always open to learn. Thank you all!

To me secure account you need to stake your bitcoin address and used a complicated password that could be very hard for people to guess or memorized that is all. I don't think killing oneself with various security can still help you, just that people are too lazy to use strong password. I think I have came across a user here who said immediately he logout his account while login back he would have to reset his password to have new password because he always forget his password.

[General_Bitcoin]

After registering my account I am not able to have enough time here on this forum but still I am doing good because I learn many things which are helping me in crypto world and managing my savings into Bitcoin because I am feeling comfortable with this now for securing my account I read few good and important points.
These are going to help me in future because now I have feeling I will be tried to give more time here because this is always blessing for me increased my knowledge and also good tips for many things related to my work and life.

[Ishicryptic]

Thanks for sharing this important information for newbies and older members who might be ignorant of the importance of hiding their emails in this forum. When I registered I thought that it will be wise to leave my email on hide, since this is an open forum and people can have access to my profile. Hackers makes it their business to break into people's accounts so it is important that we should try not to give them the access to impersonate us. Using a combination of complicated letters and symbols to create passwords is a good way to make it difficult for hackers to access our accounts.

[Upgrade00]

Your topic suggests that the account was hacked which some will interpret as a security lapse on the forum. Best to refer to it as an email breach, as that was the channel that allowed unauthorized access to the account.

Another security advice will be to have an address posted here which you have access to and to stake a signed address. This doesn't protect your account but will be your best way of recovering it if it someone else gets into it.