Topic: Additional security measures to keep account secure - page 2. (Read 321 times)

hero member
Activity: 2562
Merit: 659
Dimon6969
In order to reduce or limit the hacking of bitcointalk accounts, more security features can be introduced. I am also adding one suggestion here to get this thread started:

There should be an option for high rank members to activate email verification. From time to time, when the member logs in using the username and password, it should send a code to the email to be entered on bitcointalk for login. While logging in, there should be an option to trust the device for some days so that it does not affect user experience.
 
Same way, other security features can also be implemented. Let us discuss these in this thread.

I’ve been using the Bitcointalk forum for about 6 years without experiencing any hack incident in my account. I think having a secure password and 2FA is enough to make a Bitcointalk account safe, because there’s no money that needs to be protected on this account besides account reputation, which can be easily spotted if the account suddenly does shady activities.

Hacking events usually happen on accounts that use a weak password or click phishing links.
legendary
Activity: 2702
Merit: 2645
Farewell LEO: o_e_l_e_o
Quote
There should be an option for high rank members to activate email verification.
You are telling the forum to give our data to email service providers like Gmail, Yahoo or whatever the provider. They get the IP and other logs showing that we have an account in the forum. No, it's not gonna happen.

We are still in pain that Theymos is using Cloudflare. I have no idea who our hosting service provider is, though. I hope files are hosted in a private virtual machine.

For account security, staking a bitcoin address to use for proof of ownership is the best idea so far.

[...]
Quote
I don't have stats to back up my claim, but I assume that the majority of account breaches are a result of users entering their passwords into phishing websites and not brute force.
If you give information about your passphrase to a hacker, then your bitcoin is not safe in your hands. The same applies to a forum account too. But say you get phished. As long as you have a bitcoin address staked, you can provide proof of authentication anytime and get your account back.
legendary
Activity: 2030
Merit: 2174
Professional Community manager
Quote
The vast majority of others have never had such a problem because they know that each password should be unique and long enough to prevent someone from accidentally guessing it or breaking it with the brute force method.
I don't have stats to back up my claim, but I assume that the majority of account breaches are a result of users entering their passwords into phishing websites and not brute force.

There are constant reminders on various websites when signing up about the importance of password strength, with many requiring lower and uppercase letters, special symbols, and numbers, so people are more likely to pick up on this, but proper security while on the internet is not talked about enough. So, someone can easily enter their passwords into an unverified website.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I will never say that 2FA is a bad option (as a choice) in the additional protection of BTT accounts, but as far as my memory serves, from 2015 to today there were fewer than 10 hackings of accounts of members who are somewhat important and were or are now Hero & Legendary members. The vast majority of others have never had such a problem because they know that each password should be unique and long enough to prevent someone from accidentally guessing it or breaking it with the brute force method.

Those who use passwords like John1234 or ILoveBitcoin or store them in the cloud/email in unencrypted form will not be helped by any additional protection.
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
Quote
2FA should be more than enough for an extra security measure.
2FA is helpful but it is never a silver bullet.

Quote
Even if someone steals your password or finds a way to break into your account, 2FA (one time password) on your account protects you against such attacks. In case you lose your password, you can still reset it by entering a valid email and a 2FA code.
It depends on how (and where) you install your 2FA app, where you save your 2FA backup code, and the same for your email password and email 2FA.

If you log in to all accounts on the same device, store the backup, and install the 2FA application on the same device as well, its usefulness decreases a lot.
legendary
Activity: 1484
Merit: 1355
2FA should be more than enough for an extra security measure. Even if someone steals your password or finds a way to break into your account, 2FA (one time password) on your account protects you against such attacks. In case you lose your password, you can still reset it by entering a valid email and a 2FA code. Of course, there is no such thing as 100% security, but this should definitely help a lot.
hero member
Activity: 854
Merit: 1031
Only BTC
The bitcoin technology lays it upon its users to be responsible for the security of their money if they must use the network. I am not sure at all, but maybe that is why the forum does not have any additional security measure in this version, as this is a bitcoin forum, but I have read some discussions about it here and I feel it will be added in the new forum software whenever it is completed and implemented.

Though before the new forum software is implemented, you can be your own additional security measure.
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
Quote
There should be an option for high rank members to activate email verification. From time to time, when the member logs in using the username and password, it should send a code to the email to be entered on bitcointalk for login. While logging in, there should be an option to trust the device for some days so that it does not affect user experience.
Imagine if they let their accounts get hacked, they would easily let their emails get hacked as well. The main causal reason is that they are very careless when surfing on the Internet, on social media, via messenger applications, emails, and so on.

So adding the email verification does not make much sense.

Quote
Same way, other security features can also be implemented
There have been many requests for 2FA but it won't be implemented in the SMF forum (this one). It can be done in the new forum software (Epochtalk) but that new software has yet to be completed.
hero member
Activity: 770
Merit: 556
Quote
There should be an option for high rank members to activate email verification. From time to time, when the member logs in using the username and password, it should send a code to the email to be entered on bitcointalk for login.
Not a bad idea, but the downside is that more users are likely to lose access and will ask for a way to recover their accounts. Since this makes the email really important in this forum, where each login needs a verification code to be entered, I highly suggest removing the public display of email addresses in order to make it more secure.

Quote
While logging in, there should be an option to trust the device for some days so that it does not affect user experience.
Did you mean we're only allowed to log in with an old device? I disagree, since each device has a lifespan and you will need to change devices every few years.
full member
Activity: 1274
Merit: 106
In order to reduce or limit the hacking of bitcointalk accounts, more security features can be introduced. I am also adding one suggestion here to get this thread started:

There should be an option for high rank members to activate email verification. From time to time, when the member logs in using the username and password, it should send a code to the email to be entered on bitcointalk for login. While logging in, there should be an option to trust the device for some days so that it does not affect user experience.
 
Same way, other security features can also be implemented. Let us discuss these in this thread.