MtGox and 2 Factor Authentication

[jcp]

We are preparing options to force delays on Bitcoins (rule set depending on aggregated 24 hours transfer amount - option configurable from the user) and emergency account lockout (that would automatically cancel any delayed transfer).

Be sure to let it be configurable to at least 72+ hours if the user so desires. In financial markets 3 days as a standard clearing time has a particular history and is a standard for many markets, probably because it's 1 full working day plus the 2 weekend days (as people do not pay close attention over the weekend).

[1714072223]

1714072223

[1714072223]

1714072223

[1714072223]

1714072223

[1714072223]

1714072223

[no name]

We are preparing options to force delays on Bitcoins (rule set depending on aggregated 24 hours transfer amount - option configurable from the user) and emergency account lockout (that would automatically cancel any delayed transfer).

bump!

[kokojie]

We regret to inform you that there has been another huge breach of Bitcoinica. While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged. The breach today occured because the password for LastPass was in fact a duplicate password which had been compromised during the hack.

Unbeknownst to us, Tihan was using the mtgox api key as the password for a website called LastPass.

Holy shit, how fucking stupid can a person be, I'd like to know what kind of fucked up logic this person used to decide that: hey I'll just use my fucking mtgox api key as my lastpass master password, which leads to ALL my other passwords. Oh and let's not change the lastpass master password, because hey there's 0.001% chance that it didn't get compromised after our first hack, so let's take that chance. Oh shit, it did get compromised in the first round of hacks, now the hacker has all the password + mtgox api key, because some fucktard decided to re-use passwords.