Bitcoin Forum>Economy>Trading Discussion
Author

Topic: An idea to secure online platforms (Read 784 times)

Birdy
sr. member
Activity: 364
Merit: 250
An idea to secure online platforms
April 18, 2013, 05:00:12 PM
#10
Quote from: aes1 on April 18, 2013, 01:28:14 AM
Quote from: Birdy on April 17, 2013, 04:47:48 PM
Quote from: TiagoTiago on April 17, 2013, 04:32:25 PM
It also reduces the usefulness of online wallets a lot. I mean, if you can't send money to anyone else, even people on the same service, it's almost like your online wallet isn't online at all, but on a flash drive cleverly hidden somewhere in your kitchen...

Well, if you have this is as nonmandatory option, then your onlinewallet can be both. You could have one wallet with more flexibilaty and/or one with more safety.
This is desireable, isn't it?

Actually, now that I think again... Suppose you decide to hack into and steal money from an online wallet service. Which is a more likely target: an online wallet with mandatory secure measures, or one without them?


Well that's a trade security vs useability (dunnow if it's worth it or not, maybe).
It could be the standard option - so most users would have it on and only some that dislike it don't have it, if it's mandatory some users might dislike this due to having to send BC two times.
Or there could be other methods offered for those who don't like it (people love having a choice ^^)

 
aes1
member
Activity: 66
Merit: 10
Re: An idea to secure online platforms
April 18, 2013, 01:28:14 AM
#9
Quote from: Birdy on April 17, 2013, 04:47:48 PM
Quote from: TiagoTiago on April 17, 2013, 04:32:25 PM
It also reduces the usefulness of online wallets a lot. I mean, if you can't send money to anyone else, even people on the same service, it's almost like your online wallet isn't online at all, but on a flash drive cleverly hidden somewhere in your kitchen...

Well, if you have this is as nonmandatory option, then your onlinewallet can be both. You could have one wallet with more flexibilaty and/or one with more safety.
This is desireable, isn't it?

Actually, now that I think again... Suppose you decide to hack into and steal money from an online wallet service. Which is a more likely target: an online wallet with mandatory secure measures, or one without them?
aes1
member
Activity: 66
Merit: 10
Re: An idea to secure online platforms
April 18, 2013, 01:24:08 AM
#8
It like the idea.

That's also how the majority of Finnish money-handling companies (such as stock trading services and investment banks) operate with bank accounts: you have to register a withdrawal account that is only changeable by a stronger method of authentication than usual.

Of course, I'm all for letting the user decide the balance of security vs. convenience. But it's the service's responsibility to remind the user that relying on a password only is a bad idea. Java applet vulnerabilities, stolen password databases, keyloggers, man-in-the-middle attacks, DNS spoofing... the risks are quite real.
Birdy
sr. member
Activity: 364
Merit: 250
Re: An idea to secure online platforms
April 17, 2013, 04:47:48 PM
#7
Quote from: TiagoTiago on April 17, 2013, 04:32:25 PM
Quote from: Birdy on April 17, 2013, 04:21:30 PM
Ok, there is one disadvantage, if you want to send those coins to someone else, you will have to wait two times for transaction.
But I still think it would be a pretty strong optional security feature, there are a lot of people that are satisfied with sending the coints to some fixed adresses.
It also reduces the usefulness of online wallets a lot. I mean, if you can't send money to anyone else, even people on the same service, it's almost like your online wallet isn't online at all, but on a flash drive cleverly hidden somewhere in your kitchen...

Well, if you have this is as nonmandatory option, then your onlinewallet can be both. You could have one wallet with more flexibilaty and/or one with more safety.
This is desireable, isn't it?
TiagoTiago
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Re: An idea to secure online platforms
April 17, 2013, 04:32:25 PM
#6
Quote from: Birdy on April 17, 2013, 04:21:30 PM
Ok, there is one disadvantage, if you want to send those coins to someone else, you will have to wait two times for transaction.
But I still think it would be a pretty strong optional security feature, there are a lot of people that are satisfied with sending the coints to some fixed adresses.
It also reduces the usefulness of online wallets a lot. I mean, if you can't send money to anyone else, even people on the same service, it's almost like your online wallet isn't online at all, but on a flash drive cleverly hidden somewhere in your kitchen...
Birdy
sr. member
Activity: 364
Merit: 250
Re: An idea to secure online platforms
April 17, 2013, 04:21:30 PM
#5
Ok, there is one disadvantage, if you want to send those coins to someone else, you will have to wait two times for transaction.
But I still think it would be a pretty strong optional security feature, there are a lot of people that are satisfied with sending the coints to some fixed adresses.
Birdy
sr. member
Activity: 364
Merit: 250
Re: An idea to secure online platforms
April 17, 2013, 12:29:54 PM
#4
shameless bump
Birdy
sr. member
Activity: 364
Merit: 250
Re: An idea to secure online platforms
April 17, 2013, 10:30:21 AM
#3
Quote from: empoweoqwj on April 17, 2013, 10:15:36 AM
Simpler idea - don't store your bitcoins online
Even simpler idea - have no money *facepalm*

There are lot of reason to have some online.
Also this method should be quite secure.

You could also use it for the fiat money accounts.
empoweoqwj
hero member
Activity: 518
Merit: 500
Re: An idea to secure online platforms
April 17, 2013, 10:15:36 AM
#2
Simpler idea - don't store your bitcoins online
Birdy
sr. member
Activity: 364
Merit: 250
Re: An idea to secure online platforms
April 17, 2013, 10:12:21 AM
#1
I have an idea to make online platforms more secure against hacking attempts:

The user setups a fixed outgoing Bitcoin adress.
Whenever he wants to receive funds, it can only go to this adress.
He is able to change this adress, BUT it takes a set amount of time until the new adress is accepted and the user also get notified about this change (mail, sms whatever).

If your account is hacked, because your password was stolen, the hacker cannot do a thing to your money.
(In case of exchange platforms, he still is able to do some damage, but at least it's a bit harder)


Some more deails:
If you want to let the user choose the amount of time, changing this will also take effect according to the old timer.
If the mailadress/mobile number is changed, there also needs to be notification to the old adresses.
You could also allow more than one adress, if you apply the same rules to them.

-> The idea is simple, easy and cheap to implement and offers a great deal of security, while giving the user nearly no trouble.

(If you use this idea to a success, tip me a good deal xD)
Bitcoin Forum>Economy>Trading Discussion
Jump to: