Bitcoin Forum
October 23, 2017, 06:27:36 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How to reset/disable secret security answer?  (Read 931 times)
SureLockLoans
Member
**
Offline Offline

Activity: 119


View Profile
January 17, 2015, 12:28:42 PM
 #1

I've set the security question on my account and I've read its not recommended even though noo one would possibly guess it how can I reset/disable it?

Address: 1DeP42BefLCmaGSLuuF1qGnaxnEVLwNhkP
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508740056
Hero Member
*
Offline Offline

Posts: 1508740056

View Profile Personal Message (Offline)

Ignore
1508740056
Reply with quote  #2

1508740056
Report to moderator
1508740056
Hero Member
*
Offline Offline

Posts: 1508740056

View Profile Personal Message (Offline)

Ignore
1508740056
Reply with quote  #2

1508740056
Report to moderator
SureLockLoans
Member
**
Offline Offline

Activity: 119


View Profile
January 17, 2015, 05:38:03 PM
 #2

Is it even possible to reset the security question here or am I just missing something? I searched the forums via google and cant find anyone mentioning reseting the question any staff have any input?

Address: 1DeP42BefLCmaGSLuuF1qGnaxnEVLwNhkP
KIRAZ
Sr. Member
****
Offline Offline

Activity: 392


View Profile
January 17, 2015, 05:40:17 PM
 #3

To change just put a new questions and answer in your profile. Enter you password and hit Change profile.
That's how you can change it. Profile - Account Related Settings - Secret Question:
MakeBelieve
Hero Member
*****
Offline Offline

Activity: 602


View Profile
January 18, 2015, 12:44:46 AM
 #4

once you have set it you can only change it again and not reset. well it least used to be like that when i was a moderator on a smf gaming forum.

On a mission to make Bitcointalk.org Marketplace a safer place to Buy/Sell/Trade
Quickseller
Legendary
*
Offline Offline

Activity: 1204

#PathOfTotality


View Profile WWW
January 18, 2015, 01:08:24 AM
 #5

Just delete it. Make sure nothing is there in either the security question nor the security answer. Then enter your password and click Change Profile.

You are right, you really should not be using a security question

SureLockLoans
Member
**
Offline Offline

Activity: 119


View Profile
January 18, 2015, 01:12:34 AM
 #6

Just delete it. Make sure nothing is there in either the security question nor the security answer. Then enter your password and click Change Profile.

You are right, you really should not be using a security question

thanks!

can I get confimation from the staff that this actually works though because I dont want to do it and then someone just enters with it left blank and can get access.

Address: 1DeP42BefLCmaGSLuuF1qGnaxnEVLwNhkP
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2814


View Profile
January 18, 2015, 06:39:57 AM
 #7

Yes, just keep it blank. Make sure that the secret question area isn't full of whitespace characters. (Spaces don't count, but some other whitespace/invisible characters do.)

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
sho_road_warrior
Member
**
Offline Offline

Activity: 115

PMs blocked, send answers to main.


View Profile
January 18, 2015, 07:54:38 AM
 #8

-snip-
You are right, you really should not be using a security question

If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mothers maiden name? -> answer: *mothers maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*

If you store the answer in a secure location you have a fallback login should you ever forget your usual password.

┏(-_-)┛┗(-_- )┓┗(-_-)┛┏(-_-)┓
madmax6688
Full Member
***
Offline Offline

Activity: 217


View Profile
January 18, 2015, 09:53:49 AM
 #9

-snip-
You are right, you really should not be using a security question

If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mothers maiden name? -> answer: *mothers maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*

If you store the answer in a secure location you have a fallback login should you ever forget your usual password.

Instead just use an email, security questions aren't really needed if you use a strong email.
sho_road_warrior
Member
**
Offline Offline

Activity: 115

PMs blocked, send answers to main.


View Profile
January 18, 2015, 11:10:12 AM
 #10

-snip-
Instead just use an email, security questions aren't really needed if you use a strong email.

As we have seen recently with the GMX related hacks your email might not as strong as you think it is. The security of your email depends on a 3rd party. They might do a poor job. Especially if you are not even paying them for their services, they might be lacking the motivation and means to thoroughly protect their servers and customers. Google seems to be different in that regard though.

┏(-_-)┛┗(-_- )┓┗(-_-)┛┏(-_-)┓
SebastianJu
Legendary
*
Offline Offline

Activity: 1932


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
July 22, 2015, 10:53:42 AM
 #11

-snip-
You are right, you really should not be using a security question

If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mothers maiden name? -> answer: *mothers maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*

If you store the answer in a secure location you have a fallback login should you ever forget your usual password.

Old thread, i know, but i sat up a security question the way you wrote. I entered a strong password as the answer. I thought it might be good to have a higher level of security though now i wondered if thats the case at all.

Is the secret answer treated the same way like the password? I mean hashed and all? Or did i open a security hole now?

Besides that, i start to ask if i can raise security with it at all. I mean if you have 2 passwords or one doesnt really make a difference when you can use both on its own.

shorena
Legendary
*
Offline Offline

Activity: 1386


ALL escrow is signed! https://keybase.io/verify


View Profile WWW
July 22, 2015, 02:50:11 PM
 #12

-snip-
You are right, you really should not be using a security question

If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mothers maiden name? -> answer: *mothers maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*

If you store the answer in a secure location you have a fallback login should you ever forget your usual password.

Old thread, i know, but i sat up a security question the way you wrote. I entered a strong password as the answer. I thought it might be good to have a higher level of security though now i wondered if thats the case at all.

Is the secret answer treated the same way like the password? I mean hashed and all? Or did i open a security hole now?

Besides that, i start to ask if i can raise security with it at all. I mean if you have 2 passwords or one doesnt really make a difference when you can use both on its own.

As we learned from the last hack, theymos adviced to not use the secret question any longer as it indeed does not meet the same security features as the password.

On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

As such, you should change your password here and anywhere else you used that same password. You should disable your secret question and assume that the attacker now knows your answer to your secret question. You should prepare to receive phishing emails at your forum email address.
-snip-

In terms of "how to disable it" the answer was given to remove every symbol (including whitespaces, so make sure you delete everything) and save changes.

BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652



View Profile WWW
July 22, 2015, 04:16:50 PM
 #13

Regarding the OP, it was changed recently, don't think it was ever mentioned, but it now has red text to the left, under the descriptive text for the Answer field.
"You have a secret question set. This is not recommended."

It goes away if there is no question set.


1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
SebastianJu
Legendary
*
Offline Offline

Activity: 1932


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
July 22, 2015, 07:29:29 PM
 #14

Ok, ill disable it instantly. I was of the impression that this red text is only showing up because the normal use of such a question is to set up something you know and can remember, which might mean hacker can guess what you used as the answer.

Disabling now... might be better to disable that function completely then.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!