Bitcoin Forum
July 17, 2018, 12:04:05 PM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How to reset/disable secret security answer?  (Read 960 times)
SureLockLoans
Sr. Member
****
Offline Offline

Activity: 285
Merit: 250



View Profile
January 17, 2015, 12:28:42 PM
 #1

I've set the security question on my account and I've read its not recommended even though noo one would possibly guess it how can I reset/disable it?

The World's Betting Exchange

Bet with play money. Win real Bitcoin. 5BTC Prize Fund for World Cup 2018.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1531829045
Hero Member
*
Offline Offline

Posts: 1531829045

View Profile Personal Message (Offline)

Ignore
1531829045
Reply with quote  #2

1531829045
Report to moderator
SureLockLoans
Sr. Member
****
Offline Offline

Activity: 285
Merit: 250



View Profile
January 17, 2015, 05:38:03 PM
 #2

Is it even possible to reset the security question here or am I just missing something? I searched the forums via google and cant find anyone mentioning reseting the question any staff have any input?

KIRAZ
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


View Profile
January 17, 2015, 05:40:17 PM
 #3

To change just put a new questions and answer in your profile. Enter you password and hit Change profile.
That's how you can change it. Profile - Account Related Settings - Secret Question:
MakeBelieve
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500


View Profile
January 18, 2015, 12:44:46 AM
 #4

once you have set it you can only change it again and not reset. well it least used to be like that when i was a moderator on a smf gaming forum.

On a mission to make Bitcointalk.org Marketplace a safer place to Buy/Sell/Trade
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1470
Merit: 1095


Hire BOUNTYPORTALS>Bounty management goo.gl/pSzJuA


View Profile WWW
January 18, 2015, 01:08:24 AM
 #5

Just delete it. Make sure nothing is there in either the security question nor the security answer. Then enter your password and click Change Profile.

You are right, you really should not be using a security question

3PjXm2XYDKLV5mN3oiKzNTyVvSkqP3ujeq <-- tipping address Advertise here
SureLockLoans
Sr. Member
****
Offline Offline

Activity: 285
Merit: 250



View Profile
January 18, 2015, 01:12:34 AM
 #6

Just delete it. Make sure nothing is there in either the security question nor the security answer. Then enter your password and click Change Profile.

You are right, you really should not be using a security question

thanks!

can I get confimation from the staff that this actually works though because I dont want to do it and then someone just enters with it left blank and can get access.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 3080
Merit: 3265


View Profile
January 18, 2015, 06:39:57 AM
 #7

Yes, just keep it blank. Make sure that the secret question area isn't full of whitespace characters. (Spaces don't count, but some other whitespace/invisible characters do.)

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
sho_road_warrior
Member
**
Offline Offline

Activity: 114
Merit: 10

PMs blocked, send answers to main.


View Profile
January 18, 2015, 07:54:38 AM
 #8

-snip-
You are right, you really should not be using a security question

If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mothers maiden name? -> answer: *mothers maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*

If you store the answer in a secure location you have a fallback login should you ever forget your usual password.

┏(-_-)┛┗(-_- )┓┗(-_-)┛┏(-_-)┓
madmax6688
Full Member
***
Offline Offline

Activity: 215
Merit: 100


View Profile
January 18, 2015, 09:53:49 AM
 #9

-snip-
You are right, you really should not be using a security question

If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mothers maiden name? -> answer: *mothers maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*

If you store the answer in a secure location you have a fallback login should you ever forget your usual password.

Instead just use an email, security questions aren't really needed if you use a strong email.
sho_road_warrior
Member
**
Offline Offline

Activity: 114
Merit: 10

PMs blocked, send answers to main.


View Profile
January 18, 2015, 11:10:12 AM
 #10

-snip-
Instead just use an email, security questions aren't really needed if you use a strong email.

As we have seen recently with the GMX related hacks your email might not as strong as you think it is. The security of your email depends on a 3rd party. They might do a poor job. Especially if you are not even paying them for their services, they might be lacking the motivation and means to thoroughly protect their servers and customers. Google seems to be different in that regard though.

┏(-_-)┛┗(-_- )┓┗(-_-)┛┏(-_-)┓
SebastianJu
Legendary
*
Offline Offline

Activity: 2156
Merit: 1013


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
July 22, 2015, 10:53:42 AM
 #11

-snip-
You are right, you really should not be using a security question

If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mothers maiden name? -> answer: *mothers maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*

If you store the answer in a secure location you have a fallback login should you ever forget your usual password.

Old thread, i know, but i sat up a security question the way you wrote. I entered a strong password as the answer. I thought it might be good to have a higher level of security though now i wondered if thats the case at all.

Is the secret answer treated the same way like the password? I mean hashed and all? Or did i open a security hole now?

Besides that, i start to ask if i can raise security with it at all. I mean if you have 2 passwords or one doesnt really make a difference when you can use both on its own.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1470
Merit: 1236


No I dont escrow anymore.


View Profile WWW
July 22, 2015, 02:50:11 PM
 #12

-snip-
You are right, you really should not be using a security question

If used correctly it can work as a second password. A security question which has an answer that can easily obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mothers maiden name? -> answer: *mothers maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*

If you store the answer in a secure location you have a fallback login should you ever forget your usual password.

Old thread, i know, but i sat up a security question the way you wrote. I entered a strong password as the answer. I thought it might be good to have a higher level of security though now i wondered if thats the case at all.

Is the secret answer treated the same way like the password? I mean hashed and all? Or did i open a security hole now?

Besides that, i start to ask if i can raise security with it at all. I mean if you have 2 passwords or one doesnt really make a difference when you can use both on its own.

As we learned from the last hack, theymos adviced to not use the secret question any longer as it indeed does not meet the same security features as the password.

On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

As such, you should change your password here and anywhere else you used that same password. You should disable your secret question and assume that the attacker now knows your answer to your secret question. You should prepare to receive phishing emails at your forum email address.
-snip-

In terms of "how to disable it" the answer was given to remove every symbol (including whitespaces, so make sure you delete everything) and save changes.
BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652
Merit: 1005



View Profile WWW
July 22, 2015, 04:16:50 PM
 #13

Regarding the OP, it was changed recently, don't think it was ever mentioned, but it now has red text to the left, under the descriptive text for the Answer field.
"You have a secret question set. This is not recommended."

It goes away if there is no question set.


1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
SebastianJu
Legendary
*
Offline Offline

Activity: 2156
Merit: 1013


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
July 22, 2015, 07:29:29 PM
 #14

Ok, ill disable it instantly. I was of the impression that this red text is only showing up because the normal use of such a question is to set up something you know and can remember, which might mean hacker can guess what you used as the answer.

Disabling now... might be better to disable that function completely then.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!