Secure your account

[ndnh]

I survived inputs.io hack, mtgox and now coinbase. (my loss less than 10% of my holdings) Here is what i do to secure an account:

I use just a complex password. no app, no 2FA, no nothing
My email address cannot be hacked using forgot my password. (even i don't remember that)
make sure u get into the real site
don't use same username or password for a trusted site and an untrusted site
use different complex password for email and other important accounts
passwords may be similar to you but inguessable for a hacker

Split your btc among different services.

[vnvizow]

Well said, captain obvious. Well, this is the Beginners & Help section......

[Denni]

I wonder how gox hack is correlated to the password security. 

[lynn_402]

I survived inputs.io hack, mtgox and now coinbase. (my loss less than 10% of my holdings) Here is what i do to secure an account:

I use just a complex password. no app, no 2FA, no nothing
My email address cannot be hacked using forgot my password. (even i don't remember that)
make sure u get into the real site
don't use same username or password for a trusted site and an untrusted site
use different complex password for email and other important accounts
passwords may be similar to you but inguessable for a hacker

Split your btc among different services.

2fa is important too. With your method, you're at the mercy of keyloggers.

[marcotheminer]

What the hell happened to coin base???

[leex1528]

What the hell happened to coin base???

Yes, did something happen I am missing??

[blacksails]

My suggestion: Don't store your bitcoins online. Put them in an offline wallet where you are the only one that controls the private keys. That way you're (almost) safe from hacking (remember what Kevin Mitnick said, "No computer is ever safe.").

[Shima]

coinbase.com? the site is live and working fine! What had happened?

[xypos]

You can have the best password and security ever, you can't do anything if the website closed (like mtgox, inputs.io, ...).

[Dark.coder]

No matter how secure and strong your password is you account will get hacked if you been a victim of phishing/keylogger/backdoor.
Brute forcing is quite outdated as a matter of fact unless you are using plain text/ default passwords like: Password123, admin, johnlovemarry, shane etc so its better to read and keep yourself updated regarding the new techniques and methods and prior to that using an anti virus is must. Being a security expert i strongly recommend bitdefender and malwarebytes pro.
Tip : use virustotal.com as your weapon always

[MonkeyDOH]

Very nicely explained ndnhc !
It's important for beginners.

[NewLiberty]

Coinbase API allows user enumeration.
So folks can send payment requests to arbitrary users.

Here's an eli5 ish article:
http://www.cryptocoinsnews.com/news/coinbase-bug-allows-mass-phishing-and-leaked-user-information/2014/04/01

[noviapriani]

If you login to your account on the mogstation and find the onetime password page it should be there. I believe the hardware token use the serial on the back as the emergency password instead,,,,

[counter]

Also I'd like to add that one should make sure the computer they are using to do all of this is not compromised in any way shape or form.

[pekv2]

Stay safe link in my sig. Bitcoin community does a great job.

[bryant.coleman]

My email address cannot be hacked using forgot my password. (even i don't remember that)

Can you tell me how did you deactivated it? Almost all the email accounts can be hacked using forgot my password, and this route is the most preferred one used by hackers to steal coins from BTC-E and other exchanges.

[ndnh]

I wonder how gox hack is correlated to the password security. 

It isn't. I didn't trust it from the beginning.

coinbase.com? the site is live and working fine! What had happened?

Some coinbase accounts were hacked.
But most thought their account was hacked or something after they received a request (see http://www.reddit.com/r/Bitcoin/comments/21wyl3/coinbase_has_not_been_hacked_this_is_a_feature/)
NewLiberty is correct

My email address cannot be hacked using forgot my password. (even i don't remember that)

Can you tell me how did you deactivated it? Almost all the email accounts can be hacked using forgot my password, and this route is the most preferred one used by hackers to steal coins from BTC-E and other exchanges.

put in long string of random numbers and alohabets and symbols if there is no option to deactivate it.
Just don't forget the password

[BigMac]

I survived inputs.io hack, mtgox and now coinbase. (my loss less than 10% of my holdings) Here is what i do to secure an account:

I use just a complex password. no app, no 2FA, no nothing
My email address cannot be hacked using forgot my password. (even i don't remember that)
make sure u get into the real site
don't use same username or password for a trusted site and an untrusted site
use different complex password for email and other important accounts
passwords may be similar to you but inguessable for a hacker

Split your btc among different services.

These are some good suggestions that everyone should take a read.

[durrrr]

Is coinbase really insecure? I use authenticate for iPhone and have a good pass but was wondering if I should keep coins on there

[deadley]

I setted my coinbase by sms code, without code my coinbase cant be open.