Bitcoin Forum
November 21, 2017, 10:14:50 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: General Security - ie. Which Pools offer Security Locks for Wallet/Email etc ?  (Read 1792 times)
bitlane
Internet detective
Sr. Member
****
Offline Offline

Activity: 462


I heart thebaron


View Profile
January 03, 2012, 07:11:23 PM
 #1

Without signing up to each and every pool to see for myself, I figured I would simply ask here.....

Which Pools offer Security Locks for Wallet/Email etc ?

To clarify (in case it's not obvious enough), which pools allow users to permanently LOCK their Wallet IDs into their control panels or any other enhanced security features that might help new miners find a pool that they feel comfortable with?

Basic Pool Security Features:
- BTCGuild (wallet lock + email locks)
- Deepbit (wallet lock + email locks)
- Slush (wallet change email confirmation + email lock)
- ?

1511259290
Hero Member
*
Offline Offline

Posts: 1511259290

View Profile Personal Message (Offline)

Ignore
1511259290
Reply with quote  #2

1511259290
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
January 03, 2012, 07:45:33 PM
 #2

Deepbit offers optional permanent bitcoin address lock.
E-mail address can't be changed too.

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
January 03, 2012, 07:52:24 PM
 #3

My pool offers email confirmations + users cannot change registered email. However I don't see any benefits in locking payout wallets, it's more like security thru obscurity for me.

bitlane
Internet detective
Sr. Member
****
Offline Offline

Activity: 462


I heart thebaron


View Profile
January 03, 2012, 08:03:33 PM
 #4

Deepbit offers optional permanent bitcoin address lock.
E-mail address can't be changed too.
thanks, I will add it to the list.

However I don't see any benefits in locking payout wallets, it's more like security thru obscurity for me.
Well, opinions vary I guess. When my wallet ID is locked and auto-pay is set....the actual security of my mining account and the BTC that sits in that account in between payouts becomes less of a concern for me.
I think wallet locking is a great feature and others (who had accounts hijacked) would definitely agree with me.

My current BTCguild account as an example....can pretty much be accessed by whomever wants to access it, because once they are in there, the only thing they can do is SEND ME BTC or NMC, as they can't send it elsewhere, they can't disrupt my miners, as even deleted or removed miners can still receive work and payouts.


Other than creating a new miner and helping add to my BTC totals, they can't do anything else. I feel pretty happy about that.

No confirmations, no possibilities, nothing. You are welcome to my credentials, as they will not do you any good, other than being able to see what I am doing in that account.

slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
January 03, 2012, 08:09:06 PM
 #5

Locking of addresses have many side effects. As an example, I already solved many issues when people lost their wallet. Now imagine that their wallet will be locked to this lost wallet, with significant amount of the pool balance. Should I send bitcoins to black hole even when user ask me in advance (before automatic payout triggered)? Or should I break the rule and change wallet to new one?

Actually I really think that the probability of hacking/hijacking pool account AND hacking also mailbox AND NOT hacking the receiving computer is negliable. Because when user's computer is compromited (so attacker can have easy access to mailbox and pool account), wallet locking isn't any problem for the attacker anymore, because he can steal coins directly from the computer, after the payout.

bitlane
Internet detective
Sr. Member
****
Offline Offline

Activity: 462


I heart thebaron


View Profile
January 03, 2012, 08:15:34 PM
 #6

Locking of addresses have many side effects. As an example, I already solved many issues when people lost their wallet. Now imagine that their wallet will be locked to this lost wallet, with significant amount of the pool balance. Should I send bitcoins to black hole even when user ask me in advance (before automatic payout triggered)? Or should I break the rule and change wallet to new one?

Actually I really think that the probability of hacking/hijacking pool account AND hacking also mailbox AND NOT hacking the receiving computer is negliable. Because when user's computer is compromited (so attacker can have easy access to mailbox and pool account), wallet locking isn't any problem for the attacker anymore, because he can steal coins directly from the computer, after the payout.
If I loose my wallet, I can disable auto payout. To ask for Admin help, that does not constitute as BREAKING RULES, because obviously the ONLY one that can change credentials of any kind, would be the Admin.

Also, we are not talking about individual computer user's security - WE ARE TALKING POOL SECURITY, so an excuse to help one aspect of security (in this case user PC security), means nothing to me in this thread, as it is completely off topic. There will always be problems, Pool security, as most see it, is a bonus.

Please stay on topic.

bitlane
Internet detective
Sr. Member
****
Offline Offline

Activity: 462


I heart thebaron


View Profile
January 03, 2012, 08:22:49 PM
 #7

My pool offers email confirmations + users cannot change registered email. However I don't see any benefits in locking payout wallets, it's more like security thru obscurity for me.

Do you have a 'No Transfer for, or 24hrs Wallet Lockdown, after Wallet Change' policy in place ?

In the confirmation email that is sent (triggered during a wallet change), does the wallet get locked until the email confirmation is processed ? could you explain how it works please ? thanks....

Sorry, it's been a while since I have mined at your pool and I am sure things may have changed.

jake262144
Full Member
***
Offline Offline

Activity: 210


View Profile
January 03, 2012, 08:33:11 PM
 #8

I always prefer to bolt the wallet id down when I get a chance.
Anyone not doing their wallet backups is just asking for trouble anyhow, so I can't quite agree with Slush.
Also, why on Earth would anyone entrust any pool with a significant amount of bitcoins is beyond me.


ABCPool gives the user a chance to lock their wallet id. I also can't find any way of displaying/changing my saved e-mail address.
Eligius effectively does so in its idiosyncratic way (Trust No One, not even the pool).
BitcoinPool doesn't allow changing the wallet id or e-mail.

EDIT:: for those uninformed, Eligius keeps NO user data at all. You use the wallet ID as your worker username.
slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
January 03, 2012, 10:40:02 PM
 #9

Also, why on Earth would anyone entrust any pool with a significant amount of bitcoins is beyond me.

Me too. However a lot of people stored tens of BTC on the pool, which was the reason why I set top limit to (if I remember well) 20 BTC.

My attitude is: secure your wallet, set "send threshold" to some value which will trigger payout once per day or two and you're done. In the worst way, you'll lose one day payout. Again, no one lost single bitcent on my pool unless he breaks very basic rules of security.

DeepBit
Donator
Hero Member
*
Offline Offline

Activity: 532


We have cookies


View Profile WWW
January 03, 2012, 10:40:38 PM
 #10

Actually I really think that the probability of hacking/hijacking pool account AND hacking also mailbox AND NOT hacking the receiving computer is negliable.
There are many ways to steal e-mail account - like guessing secret question, keylogging on a public PC, dictionary bruteforcing weak passwords, using ready-made keylogging trojans. Hacker gets an access to the e-mail, sees pool's messages there, finds out the pool and account then requests password recovery from the pool: task accomplished. E-mail hack usually leads to pool account hack, that's when wallet lock is useful.
I don't know about your statistics, but I received some messages from users whose e-mail was compromised somewhere and then wallet address changed.

Of course wallet backup is mandatory before locking and common sense is required.
A small number of users (AFAIR ~3-5) suffered from locking mybitcoin address, but no considerable amounts were on those accounts, just a couple of bitcoins.

I'm not saying that everyone should lock their address, but I think that it's very useful to ALLOW this because some users may know what they are doing. And yes, withdraw your rewards on time, it's not a bank :)

Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks !
Coming soon: ICBIT Trading platform
slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
January 03, 2012, 10:42:35 PM
 #11

Do you have a 'No Transfer for, or 24hrs Wallet Lockdown, after Wallet Change' policy in place ?

No, because I really hate such "extra rules" on every site. I would be very upset when I realize that changing of address lead to one day lockup of payout, especially when I'm probably changing bitcoin address for some good reason.

Quote
In the confirmation email that is sent (triggered during a wallet change), does the wallet get locked until the email confirmation is processed ?

Yes. Pending email confirmation locks payouts until confirmed or cancelled.

[Deepbit]: No user reported me any issue with hacked email so far. Around 90% of hacks were related to MtGox issue, the rest was more about compromised computers.

jake262144
Full Member
***
Offline Offline

Activity: 210


View Profile
January 03, 2012, 10:53:49 PM
 #12

... which was the reason why I set top limit to (if I remember well) 20 BTC.

A prudent policy I wasn't aware of. Thumbs up.
Tripping the limit automatically sends the bitcoins to their rightful place I presume?

I noticed a valid bitcoin address isn't required to start mining at your pool.
Is there an automatic e-mail message to inform the forgetful souls who never provided you with their wallet id?
Inaba
Legendary
*
Offline Offline

Activity: 1260



View Profile WWW
January 03, 2012, 11:46:49 PM
 #13

EMC has a wallet lock feature and notification via email and SMS on account change.  Wallet locks for 24 hours after a change to the account if activated and can not be disabled.

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
kinlo
Sr. Member
****
Offline Offline

Activity: 263


Pool operator of Triplemining.com


View Profile
January 08, 2012, 04:52:24 PM
 #14

triplemining locks payouts for 24h after wallet change. You will get an email too
doublec
Legendary
*
Offline Offline

Activity: 1078


View Profile
January 09, 2012, 04:56:33 AM
 #15

mmpool doesn't allow changing of addresses at all. You have to re-register with new addresses. Registration is light weight in that you only need a username, no password or email address, so it's not too much of a burden. I did it this way to avoid the "hack account, change address" which seems to occur occasionally in places.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!