Pages:
Author

Topic: Any way to secure forum account? (Read 375 times)

hero member
Activity: 2702
Merit: 716
Nothing lasts forever
January 25, 2021, 10:53:51 PM
#28
~snip

Although, after thinking about it again, seems like i cannot prove my ownership of the account, since anybody could change that exact value once they got in into that account. Oh well, sorry it took me so long to realize Grin

Anyway, thank you for your responses, really appreciate it Cheesy

Trying to recover your old account of Member rank is just a waste of time and effort in my opinion.
You can easily get to member rank within a few months of good effort. You will need just 10 merits and that's not such a difficult job if you put in some efforts.
I see that you have staked your address already which is a good thing. Just make sure to put in some efforts and you will reach Member rank in no time.
All the best and will definitely see you around the forum  Wink
legendary
Activity: 1610
Merit: 1193
Gamble responsibly
January 25, 2021, 09:39:46 PM
#27
You understood the private key, public address and sign message totally inaccurate.
I do not see your corrections as corrections, except the last mistake that I wanted to write all but changed to altcoins which I will still discuss below. You should read carefully before making comment, private key is needed to sign a message, but it will not be included while signing the message it works underneath, only what are included is the address and the message you want to sign.

In order to sign a bitcoin message, you need to have a private key for a public address from which you want to sign a message. In a reverse  way, the sign message is to show you are the owner of that address by owning its private key.
Check what I posted.

Yes that is true that private key is needed to sign a message

It will require you to enter a password of your wallet. This step is mandatory if you encrypted your wallet. It is a prevention to not allow hacker to be freely sign any message when he find your bitcoin wallet file.
Not password but passphrase, know that passwords are not passphrase. It is not also an encryption but a seed extension.

Not all wallets sign a message, not all private keys wallets also sign a message, there are few ones that do it, like electrum and coinomi.
It is not correct (but I don't use Coinomi so I don't know about the wallet). To sign a message, you need a wallet software that support the sign/ verify message feature. The incorrectness is from not all private keys wallets also sign a message, you can import that private key to other wallet softwares to sign a message.
Try to correct when appropriate, what are you talking about? You mean all private key wallet sign a message? What about the private key wallets that do not have the software to sign a message like atomic wallet and many other wallets, only few private key wallets sign a message. Do not correct what is right.

Say not all private key can sign a message, it is totally not correct.
Can atomic wallet sign a message, is it not a private key wallet, you need to understand about wallet before commenting about them because you are absolutely wrong and saying someone is wrong.

All wallets signing a message are altcoins private key wallets while not all private key wallets can sign a message, only few ones do it.
Why altcoins?
Corrected, typo error.

All wallets signing a message are altcoins all private key wallets while not all private key wallets can sign a message, only few ones do it.
hero member
Activity: 1442
Merit: 775
January 25, 2021, 08:29:57 PM
#26
You understood the private key, public address and sign message totally inaccurate.

Yes that is true that private key is needed to sign a message, but Redoubt should know that the private key is not included while signing, what that are included are just 1. The bitcoin address for signing the message 2.
Private key - create public key - create public address

In order to sign a bitcoin message, you need to have a private key for a public address from which you want to sign a message. In a reverse  way, the sign message is to show you are the owner of that address by owning its private key.

I do not see your corrections as corrections, except the last mistake that I wanted to write all but changed to altcoins which I will still discuss below.  
Ok fine man. Your answers show you are wrong again.

Password: Electrum. Passphrase: Bitcoin Core. Two wallets use different words but they serve as traditional password for files that we know.

Bitcoin Core:
https://bitcoin.org/en/wallets/desktop/windows/bitcoincore/
Try to correct when appropriate, what are you talking about? You mean all private key wallet sign a message? What about the private key wallets that do not have the software to sign a message like atomic wallet and many other wallets, only few private key wallets sign a message. You not correct what is right.
I only know deterministic wallet (and hierarchical deterministic or HD wallet), non deterministic wallet, custodial wallet, non custodial wallet.

Mastering bitcoin. Chap. 05 Wallets
Bitcoin.it, Wallet
Custodial vs. Non Custodial Wallets - "Not your keys, not your coin" Explained.

You need to read documents again as I see you love what you typed creatively.

What I wrote could be wrong as I am not a bitcoin developer and I will read documents again if I see I understood incorrectly. I hope you will listen to correct your knowledge when Legendary members comment.
legendary
Activity: 1610
Merit: 1193
Gamble responsibly
January 25, 2021, 02:09:07 PM
#25

And yes I'm still new to this signed message thing, and i got a question, does signing a message with said address need the private key?
Of course, you need your private key to access your old wallet for sign message. But if you've never posted that address or PM sent that address to someone in the past, I think maybe your request will be rejected. So the bottom line is that any bitcoin address you have used in the past on forum will serve to prove you are the real owner.
Yes that is true that private key is needed to sign a message, but Redoubt should know that the private key is not included while signing, what that are included are just 1. The bitcoin address for signing the message 2. The message that will be signed, after these has been filled, the user can click on sign message, the message will be signed. Not all wallets sign a message, not all private keys wallets also sign a message, there are few ones that do it, like electrum and coinomi. All wallets signing a message are all altcoins private key wallets while not all private key wallets can sign a message, only few ones do.
legendary
Activity: 2464
Merit: 2094
January 25, 2021, 08:37:06 AM
#24

And yes I'm still new to this signed message thing, and i got a question, does signing a message with said address need the private key?
Of course, you need your private key to access your old wallet for sign message. But if you've never posted that address or PM sent that address to someone in the past, I think maybe your request will be rejected. So the bottom line is that any bitcoin address you have used in the past on forum will serve to prove you are the real owner.
legendary
Activity: 1890
Merit: 1148
January 25, 2021, 08:00:33 AM
#23
are there any ways (or maybe tips) to secure my account on this forum?
Don't give your account password to anyone.
newbie
Activity: 22
Merit: 11
January 25, 2021, 07:55:17 AM
#22
Also dont save you login details on your browser, manually typing your
username and password every time you login will implant it into your
memory, you will never forget!
Noted, i won't save login details on my browser anymore from now on.

A handy thread which I have yet to get around to doing myself is to stake
your Bitcoin address on the forum as another level of ownership of your account.
Here is the thread > https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318.
Also, I will 100% stake my signed bitcoin address for this account, so I won't lost this account either.

You don't need to have a sign message in 2014, example. What you need is have a post, or few posts with that address in 2014 or any year before the hack. Post contains that address need to be original, no edits. It is a plus point if some members quoted it for you in the past. If you pay your attention, you see many people quoted the sign message posts in the topic take your Bitcoin address here

Hackers can edit, delete past posts but they can not send request to other members to delete all past quoted posts relate to the hacked account.

Now, you sign a message with that address to prove that you are the person that owned that private key in 2014 to before the hack.

You signed that message and it proves the ownership on that account, not the hacked one.
Ahhh, now i understand, well sadly there is no post (that has been posted by my old account) that has my old wallet address written on it. But, i do remember that i input my wallet address into the profile page

For reference, here is a look at profile page that i got from Forum account: security, privacy, and recovery:
https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.postimg.cc%2FCMf5WDsq%2F20200712-134609.jpg&t=621&c=5N83-ojeSmaBSg (welp, i can't post image, so here a link to that image from said topic, or if you are wary of me giving you some suspicious link just look at the third picture of the said topic)

So i was hoping that the admin or some archival machine able to look it up and ....

Although, after thinking about it again, seems like i cannot prove my ownership of the account, since anybody could change that exact value once they got in into that account. Oh well, sorry it took me so long to realize Grin

Anyway, thank you for your responses, really appreciate it Cheesy
hero member
Activity: 1442
Merit: 775
January 25, 2021, 07:30:50 AM
#21
What i meant is that i still have the access to my old wallet address that i mainly use at 2014 - 2016, which yes, i still do have the private key
It is good when you have access to that private key.

And yes I'm still new to this signed message thing, and i got a question, does signing a message with said address need the private key?


It is for PGP message not bitcoin message. They are different messages.

The guide shows the process to sign a PGP message is different and more complex: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint
legendary
Activity: 2380
Merit: 1343
January 25, 2021, 07:21:28 AM
#20
Also dont save you login details on your browser, manually typing your
username and password every time you login will implant it into your
memory, you will never forget!

A handy thread which I have yet to get around to doing myself is to stake
your Bitcoin address on the forum as another level of ownership of your account.
Here is the thread > https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318

I'm not sure if there's another thread for this already, or if this belongs in a different section. So basically I thought it would be helpful to post up your Bitcoin address in this thread in the event that your account gets compromised later on down the road. You can simply make a new alt account, sign the address that your original account posted here, and have irrefutable proof that you're the actual owner. It's not 100% guaranteed that you'll get your account back, but it's a pretty good start. Of course, if your account is compromised, the hacker could just come back to this thread and edit/delete whatever address you post here, so that's why I'm asking people to quote the address posted by the preceding user in this thread. Here's mine:

snip

HOW TO SIGN A MESSAGE THREAD

newbie
Activity: 22
Merit: 11
January 25, 2021, 07:18:49 AM
#19
Edit:
I'm able to sign a message with my old address which had been assigned to my old account back then when there was a feature to include your bitcoin wallet address inside your profile page (or is it for member rank and up only? idk i forget xd).
What do you mean "include your bitcoin wallet address inside your profile page " ?

I believe that you don't understand the sign message. When you sign a message, you need to have a private key of that address/ wallet. The point to prove your account ownership is here: Sign a message from an address that was used and quoted before the hack. It is to prove that today, you are the owner, not the hacker, and still have control on that address and private key.

It is easy to include any bitcoin address to your personal text, and website link and others in the Profile page. I can search those addresses if I know the username of your hacked account and include it into those places. I can do it without control of private key for that address and it is non sense.
What i meant is that i still have the access to my old wallet address that i mainly use at 2014 - 2016, which yes, i still do have the private key, but unfortunately in the past i've never ever did a signed message using that address. And yes I'm still new to this signed message thing, and i got a question, does signing a message with said address need the private key?

I'm sorry for my misunderstanding about how signed message work tho, i'll read more about it.
hero member
Activity: 1442
Merit: 775
January 25, 2021, 07:10:43 AM
#18
Edit:
I'm able to sign a message with my old address which had been assigned to my old account back then when there was a feature to include your bitcoin wallet address inside your profile page (or is it for member rank and up only? idk i forget xd).
What do you mean "include your bitcoin wallet address inside your profile page " ?

I believe that you don't understand the sign message. When you sign a message, you need to have a private key of that address/ wallet. The point to prove your account ownership is here: Sign a message from an address that was used and quoted before the hack. It is to prove that today, you are the owner, not the hacker, and still have control on that address and private key.

It is easy to include any bitcoin address to your personal text, and website link and others in the Profile page. I can search those addresses if I know the username of your hacked account and include it into those places. I can do it without control of private key for that address and it is non sense.
newbie
Activity: 22
Merit: 11
January 25, 2021, 06:35:01 AM
#17
There is one thing that still needs adjustment on Bitcointalk forum, there is no 2FA yet and there is no security password been forward to email address for confirmation, anyone can just insert email and password over and over again without any worries of getting verification code sent into email address or other ways
I guess using 2FA at your email (like mentioned by ice18) is the best bet at this moment.

....
Not many users set a secret question for account.
Why tho? is it riskier to setup a secret question? is it better to leave it blank? Now i hesitate to put a secret question.

It's kinda risky, and I prefer leaving it blank and using the staked address route instead. Even Theymos himself, the forum admin, placed a warning message:

https://i.imgur.com/Z4cA3yU.png
....
Not many users set a secret question for account.
Why tho? is it riskier to setup a secret question? is it better to leave it blank? Now i hesitate to put a secret question.

It's kinda risky, and I prefer leaving it blank and using the staked address route instead. Even Theymos himself, the forum admin, placed a warning message:

https://i.imgur.com/Z4cA3yU.png
It's risky indeed because the question can be forgotten too but I wonder how someone would guess your question right, it depends on what type of question you are asking though, if this is a must one must ask a very tough question that's only know to themselves, it's better to create a very strong password than using a question and answer strategy, with strong password there won't be any problem
Ah i see, although, why did Theymos made that feature tho?

I don't know if that could be a proof or not, but i also made some trades selling some digital goods at this forum tho. I don't know if it helps or not.
If there are posts for trades with addresses before the hack and you are still able to sign a message from it, it can be considered as proof of ownership.

Addresses should be bitcoin not Ethereum. Moderators and admins are keen on Bitcoin address and bitcoin signed message as proof. It is a bitcointalk forum, not Ethereumtalk forum.
I might do some more research on my own past self, who knows i actually post one in the past. Although, the problem is the wallet that i mainly use at that time is from blockchain.info (which somehow now changed into blockchain.com). And as far as i know the website itself doesn't have the tool to sign a message using my old bitcoin address. I may tinker a little bit, since on a post titled How to sign a message?! there's a way but kinda hacky.

Other than what some members wrote above I would also suggest that you should be very careful when you receive any personal messages in forum and don't trust or click any links you receive.

This is one example that happened in my case and maybe it can help others:
How Scammer tried to Hack my Bitcointalk and how to Protect yourself?
Other than what some members wrote above I would also suggest that you should be very careful when you receive any personal messages in forum and don't trust or click any links you receive.

This is one example that happened in my case and maybe it can help others:
How Scammer tried to Hack my Bitcointalk and how to Protect yourself?


 
Nice information @dkbit98, most times it's always about phishing links, this is the easiest way for scammers to get users full details and passwords, it's why I believe that verification code will help this forum alot, I don't bother signing in and out of my forum account since I'm always active but I do hope that in future we will get 2FA activated on Bitcointalk
Alright will put extra caution on those personal messages that i receive, thanks for the info Cheesy.

For the 2FA, that would flip this forum 180 degree, since it really is such a good addition to security for this forum.


Edit:
I'm able to sign a message with my old address which had been assigned to my old account back then when there was a feature to include your bitcoin wallet address inside your profile page (or is it for member rank and up only? idk i forget xd).
member
Activity: 238
Merit: 17
Sovryn - Brings DeFi to Bitcoin
January 25, 2021, 05:09:02 AM
#16
Other than what some members wrote above I would also suggest that you should be very careful when you receive any personal messages in forum and don't trust or click any links you receive.

This is one example that happened in my case and maybe it can help others:
How Scammer tried to Hack my Bitcointalk and how to Protect yourself?


 
Nice information @dkbit98, most times it's always about phishing links, this is the easiest way for scammers to get users full details and passwords, it's why I believe that verification code will help this forum alot, I don't bother signing in and out of my forum account since I'm always active but I do hope that in future we will get 2FA activated on Bitcointalk
legendary
Activity: 2212
Merit: 7064
January 25, 2021, 04:54:06 AM
#15
Other than what some members wrote above I would also suggest that you should be very careful when you receive any personal messages in forum and don't trust or click any links you receive.

This is one example that happened in my case and maybe it can help others:
How Scammer tried to Hack my Bitcointalk and how to Protect yourself?


 
hero member
Activity: 1442
Merit: 775
January 25, 2021, 04:29:11 AM
#14
I don't know if that could be a proof or not, but i also made some trades selling some digital goods at this forum tho. I don't know if it helps or not.
If there are posts for trades with addresses before the hack and you are still able to sign a message from it, it can be considered as proof of ownership.

Addresses should be bitcoin not Ethereum. Moderators and admins are keen on Bitcoin address and bitcoin signed message as proof. It is a bitcointalk forum, not Ethereumtalk forum.
member
Activity: 210
Merit: 14
January 25, 2021, 03:48:11 AM
#13
....
Not many users set a secret question for account.
Why tho? is it riskier to setup a secret question? is it better to leave it blank? Now i hesitate to put a secret question.

It's kinda risky, and I prefer leaving it blank and using the staked address route instead. Even Theymos himself, the forum admin, placed a warning message:


It's risky indeed because the question can be forgotten too but I wonder how someone would guess your question right, it depends on what type of question you are asking though, if this is a must one must ask a very tough question that's only know to themselves, it's better to create a very strong password than using a question and answer strategy, with strong password there won't be any problem
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
January 25, 2021, 02:55:43 AM
#12
....
Not many users set a secret question for account.
Why tho? is it riskier to setup a secret question? is it better to leave it blank? Now i hesitate to put a secret question.

It's kinda risky, and I prefer leaving it blank and using the staked address route instead. Even Theymos himself, the forum admin, placed a warning message:

member
Activity: 210
Merit: 13
January 25, 2021, 02:50:09 AM
#11
There is one thing that still needs adjustment on Bitcointalk forum, there is no 2FA yet and there is no security password been forward to email address for confirmation, anyone can just insert email and password over and over again without any worries of getting verification code sent into email address or other ways
newbie
Activity: 22
Merit: 11
January 25, 2021, 02:47:26 AM
#10
First of all gotta say thank you for all the useful replies and helps Cheesy
And again sorry for the long reply time and that i reply all of you in a batched reply (since newbie can't post as fast as a member or so)

I think the reason why you are hacked is that you use, a simple password

my suggestion:

1. don't use your name as a password
2. don't use the birthday as the password
3. never use 123456 password
4.When trying to make a password use capital letters numbers special characters
5. Secure your registred email name, if the email hacks for sure all connected to that email will be a hack
6. add another level of security to those emails

What to avoid:

1. Don't connect to a free wifi connection, there might someone watching or gathering information in the network
2. avoid using your email address, to register to unknown registration or suspicious sites
3. never lend your account or left it open always logout.

this might help you next time,
Yes, i will try to not to use basic password anymore, thanks for the tips tho Cheesy

<...>
Just to point out that any potential recovery process is much smoother, and likely to have a positive outcome, if you can sign a bitcoin message or pgp message from an address you might have written on the forum at some point (ideally, in an unedited post, or quoted by somebody else).

The hacker may or may not have gone through prior posting history to deleted these addresses, but there is also the off-chance that it may have be quoted by somebody else.

If posts have been edited by the hacker, you may (slim chance though) find some archived posts using tools such as TheWayBackMachine, which may have captures a snapshot of something relevant at some point in time.

Uh, sadly i haven't posted any signed bitcoin message or even a pgp message, actually, for now I'm still learning how to use them properly. But i could got in into my old wallet at blockchain.com which it's address has been assigned to my old account (it was a feature back then to assign bitcoin address to your account, again as i remembered and also some proof from Forum account: security, privacy, and recovery screenshot to backup my hazy memory). I don't know if that could be a proof or not, but i also made some trades selling some digital goods at this forum tho. I don't know if it helps or not. But thanks for the information, really appreciate it Cheesy

Sorry for the really late reply (I've been doing research on how my account was hacked and when did it happened, i have a hazy memories about it, it's kinda emotional to me that i wanted to forget it lol)
Thank your details and again welcome you to use the forum again.

The first thing you must check is finding your hacked account is still usable or was banned.

BPIP.org and loyce.club/bans are third party tools to use. With first website, enter account username or userid to check. With second website, use Ctr+F and type your username or userid, Enter.
Inactive is not a good result, that could be caused by a ban.

As far as my research goes, the account is inactive after promoting some kind of altcoin (at around 2018)
A wave of bans: 400 yesterday, 300 the day before. What changed?. Good luck if your account was not banned in May, June 2019.
....
Looks like my account is inactive not because of ban, but because it made into a scamming account or some kind. I made that speculation because i didn't found my old account name on the second website, and it only says inactive for 2 years on the first website (also the first website is kinda confusing to read, i'm sorry xd).

....
Not many users set a secret question for account.
Why tho? is it riskier to setup a secret question? is it better to leave it blank? Now i hesitate to put a secret question.

Because the forum does not support 2fa you can instead use 2fa on the email you used to register since its the only way to recover fast once your account got hacked so your email address is very important on the recovery process a simple tips I can give you can always bookmarked the forum official site link to avoid possible phishing attacks and also try to avoid downloading malicious softwares from different websites it might contains malwares that can copy your computers passwords.    
Okay, thanks for the tips, i'll keep that in mind Cheesy.

Edit:
Since DdmrDdmr replied by editing their post, I'm also doing the same thing here.
<...>
Just to point out that any potential recovery process is much smoother, and likely to have a positive outcome, if you can sign a bitcoin message or pgp message from an address you might have written on the forum at some point (ideally, in an unedited post, or quoted by somebody else).

The hacker may or may not have gone through prior posting history to deleted these addresses, but there is also the off-chance that it may have be quoted by somebody else.

If posts have been edited by the hacker, you may (slim chance though) find some archived posts using tools such as TheWayBackMachine, which may have captures a snapshot of something relevant at some point in time.

Edit:
<...> Uh, sadly <...>
I'd include that in your email to account recoveries, just in case they can work with any of what you mention there.

I've sent an email, hopefully they will be able to recover my old account with given information from me.
hero member
Activity: 2492
Merit: 542
January 25, 2021, 02:19:07 AM
#9
Because the forum does not support 2fa you can instead use 2fa on the email you used to register since its the only way to recover fast once your account got hacked so your email address is very important on the recovery process a simple tips I can give you can always bookmarked the forum official site link to avoid possible phishing attacks and also try to avoid downloading malicious softwares from different websites it might contains malwares that can copy your computers passwords.    
Pages:
Jump to: