theymos (OP)
Administrator
Legendary
 Offline
Activity: 5376
Merit: 13373
|
 |
October 19, 2014, 03:49:15 AM |
|
Whenever a user changes his own password or resets his account (via email or secret question), this action is now publicly logged here for 30 days: https://bitcointalk.org/seclog.phpAdditionally, these same actions will be listed on the person's Trust page. A reset will be shown for 30 days, while a password change will be shown for 3 days. This should make it easier to determine whether an account has been compromised. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
marcotheminer
Legendary
Offline
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
|
|
October 19, 2014, 07:18:08 AM |
|
Thank you for taking this initiative, smart decision!
|
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
October 19, 2014, 09:12:26 AM |
|
Whenever a user changes his own password or resets his account (via email or secret question), this action is now publicly logged here for 30 days: https://bitcointalk.org/seclog.phpAdditionally, these same actions will be listed on the person's Trust page. A reset will be shown for 30 days, while a password change will be shown for 3 days. This should make it easier to determine whether an account has been compromised. This is a great idea and "tool" , thanks . |
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3990
Merit: 2713
Join the world-leading crypto sportsbook NOW!
|
|
October 19, 2014, 09:20:08 AM |
|
Yeah, very useful. Though maybe you should change the colour of the warning This user's password was reset recently to red and make it a little larger. The yellow is hard to see, at least on my phone.
|
|
|
|
Shogen
Legendary
Offline
Activity: 966
Merit: 1001
|
|
October 19, 2014, 09:40:03 AM |
|
Thanks for the new feature, theymos. Yeah, very useful. Though maybe you should change the colour of the warning This user's password was reset recently to red and make it a little larger. The yellow is hard to see, at least on my phone.
The warning message is in orange for me. Did theymos change it after reading your feedback?  |
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3990
Merit: 2713
Join the world-leading crypto sportsbook NOW!
|
|
October 19, 2014, 09:57:00 AM |
|
It might have just been orange actually. It's still a bit hard to notice as the orange though.
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
October 19, 2014, 10:01:35 AM |
|
 Yep orange, way better than the yellow  but I also think that it should be little bigger. |
Im not really here, its just your imagination.
|
|
|
PistolPete
Member
Offline
Activity: 90
Merit: 10
|
|
October 19, 2014, 10:16:04 AM |
|
Good feature.
What happens if the account is hacked but the password is deliberately not changed? There are a lot whose accounts are lying inactive so wouldn't check on it.
|
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
October 19, 2014, 10:20:06 AM |
|
Yep orange, way better than the yellow but I also think that it should be little bigger. I think (as hilariousandco) that the write should be changed to : This user's password was reset recently. |
|
|
|
|
|
Muhammed Zakir
|
 |
October 19, 2014, 10:41:12 AM |
|
Thanks for this! It will be helpful! Yep orange, way better than the yellow but I also think that it should be little bigger. I think (as hilariousandco) that the write should be changed to : This user's password was reset recently. Orange is okay but making the font a bit bigger would be good. ~~MZ~~ |
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3990
Merit: 2713
Join the world-leading crypto sportsbook NOW!
|
|
October 19, 2014, 10:57:23 AM |
|
Good feature.
What happens if the account is hacked but the password is deliberately not changed? There are a lot whose accounts are lying inactive so wouldn't check on it.
I don't think this is something we have to worry about. Someone isn't going to go to the trouble of hacking your account and then not change the password. If it's not changed then you still have control of the account until someone does change it. The original owner is going to notice something is amiss, and if it's an old inactive account then I don't see the big problem, but there's nothing that could be done about that anyway unless someone notices something fishy about the account. |
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
October 19, 2014, 11:01:10 AM |
|
If you're investing development effort here for account security, how about implementing 2FA? I really don't understand the apparent aversion of 2FA.
|
|
|
|
|
|
Muhammed Zakir
|
|
October 19, 2014, 11:13:51 AM |
|
If you're investing development effort here for account security, how about implementing 2FA? I really don't understand the apparent aversion of 2FA.
He said, it will be implemented in the New Forum. ~~MZ~~ |
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
October 19, 2014, 11:22:02 AM |
|
He said, it will be implemented in the New Forum. ~~MZ~~ Implementing TOTP 2FA is significantly more effective than implementing a password reset log. |
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3990
Merit: 2713
Join the world-leading crypto sportsbook NOW!
|
|
October 19, 2014, 11:44:31 AM |
|
He said, it will be implemented in the New Forum. ~~MZ~~ Implementing TOTP 2FA is significantly more effective than implementing a password reset log. And I imagine setting up 2F is significantly more work than implementing a simple password reset log. Shouldn't be too long for the new forum now anyway. |
|
|
|
|
anujjain
|
|
October 19, 2014, 01:03:22 PM |
|
This feature will help so much atleast for who try to hack and using for scam.
|
|
|
|
|
|
Muhammed Zakir
|
 |
October 19, 2014, 04:38:20 PM |
|
He said, it will be implemented in the New Forum. ~~MZ~~ Implementing TOTP 2FA is significantly more effective than implementing a password reset log. And I imagine setting up 2F is significantly more work than implementing a simple password reset log. Shouldn't be too long for the new forum now anyway. I would like to have bitcoin 2FA too though an option to choose Google Authenticator and BTC 2FA would be good. Suggestions are welcome! ~~MZ~~ |
|
|
|
|
santaClause
|
|
October 19, 2014, 05:10:40 PM |
|
Whenever a user changes his own password or resets his account (via email or secret question), this action is now publicly logged here for 30 days: https://bitcointalk.org/seclog.phpAdditionally, these same actions will be listed on the person's Trust page. A reset will be shown for 30 days, while a password change will be shown for 3 days. This should make it easier to determine whether an account has been compromised. Would it be possible to not disclose how a password is reset (email verses secret question). If this is disclosed then the fact that someone has a secret question which would make their account more vulnerable to getting hacked. Removing the disclosure of what method was used to to reset a password would remove this vulnerability. |
|
|
|
|
BombaUcigasa
Legendary
Offline
Activity: 1442
Merit: 1005
|
|
October 19, 2014, 06:51:39 PM |
|
Whenever a user changes his own password or resets his account (via email or secret question), this action is now publicly logged here for 30 days: https://bitcointalk.org/seclog.phpAdditionally, these same actions will be listed on the person's Trust page. A reset will be shown for 30 days, while a password change will be shown for 3 days. This should make it easier to determine whether an account has been compromised. OMG, thanks theymos, we can finally change our ava..... oh... Good implementation idea... |
|
|
|
|
greatwolf_
Newbie
Offline
Activity: 50
Merit: 0
|
|
October 19, 2014, 07:14:41 PM |
|
And I imagine setting up 2F is significantly more work than implementing a simple password reset log. Shouldn't be too long for the new forum now anyway.
You mean the new forum that's supposedly in the works since jan 2013? Frankly, I don't understand why there's a need to design a completely new forum software from scratch when there are many off-the-shelve open-source choices available. It would save so much time going with one of them that closely fits the requirements and just customize and mod it to fit our purposes. PS. I'm still waiting for a reply to my PM on my hacked account btw. |
|
|
|
|
|
