Topic: Any way to secure forum account? (Read 381 times)

Trying to recover your old account of Member rank is just a waste of time and effort in my opinion.
You can easily get to member rank within a few months of good effort. You will need just 10 merits and that's not such a difficult job if you put in some efforts.
I see that you have staked your address already which is a good thing. Just make sure to put in some efforts and you will reach Member rank in no time.
All the best and will definitely see you around the forum  

I do not see your corrections as corrections, except the last mistake that I wanted to write all but changed to altcoins which I will still discuss below. You should read carefully before making comment, private key is needed to sign a message, but it will not be included while signing the message it works underneath, only what are included is the address and the message you want to sign.

Check what I posted.


Not password but passphrase, know that passwords are not passphrase. It is not also an encryption but a seed extension.

Try to correct when appropriate, what are you talking about? You mean all private key wallet sign a message? What about the private key wallets that do not have the software to sign a message like atomic wallet and many other wallets, only few private key wallets sign a message. Do not correct what is right.

Can atomic wallet sign a message, is it not a private key wallet, you need to understand about wallet before commenting about them because you are absolutely wrong and saying someone is wrong.

Corrected, typo error.

You understood the private key, public address and sign message totally inaccurate.

Private key - create public key - create public address

In order to sign a bitcoin message, you need to have a private key for a public address from which you want to sign a message. In a reverse  way, the sign message is to show you are the owner of that address by owning its private key.

Ok fine man. Your answers show you are wrong again.

Password: Electrum. Passphrase: Bitcoin Core. Two wallets use different words but they serve as traditional password for files that we know.

Bitcoin Core:
https://bitcoin.org/en/wallets/desktop/windows/bitcoincore/
I only know deterministic wallet (and hierarchical deterministic or HD wallet), non deterministic wallet, custodial wallet, non custodial wallet.

Mastering bitcoin. Chap. 05 Wallets
Bitcoin.it, Wallet
Custodial vs. Non Custodial Wallets - "Not your keys, not your coin" Explained.

You need to read documents again as I see you love what you typed creatively.

What I wrote could be wrong as I am not a bitcoin developer and I will read documents again if I see I understood incorrectly. I hope you will listen to correct your knowledge when Legendary members comment.

Yes that is true that private key is needed to sign a message, but Redoubt should know that the private key is not included while signing, what that are included are just 1. The bitcoin address for signing the message 2. The message that will be signed, after these has been filled, the user can click on sign message, the message will be signed. Not all wallets sign a message, not all private keys wallets also sign a message, there are few ones that do it, like electrum and coinomi. All wallets signing a message are all altcoins private key wallets while not all private key wallets can sign a message, only few ones do.

Of course, you need your private key to access your old wallet for sign message. But if you've never posted that address or PM sent that address to someone in the past, I think maybe your request will be rejected. So the bottom line is that any bitcoin address you have used in the past on forum will serve to prove you are the real owner.

Don't give your account password to anyone.

Noted, i won't save login details on my browser anymore from now on.

Also, I will 100% stake my signed bitcoin address for this account, so I won't lost this account either.

Ahhh, now i understand, well sadly there is no post (that has been posted by my old account) that has my old wallet address written on it. But, i do remember that i input my wallet address into the profile page

For reference, here is a look at profile page that i got from Forum account: security, privacy, and recovery:
https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.postimg.cc%2FCMf5WDsq%2F20200712-134609.jpg&t=621&c=5N83-ojeSmaBSg (welp, i can't post image, so here a link to that image from said topic, or if you are wary of me giving you some suspicious link just look at the third picture of the said topic)

So i was hoping that the admin or some archival machine able to look it up and ....

Although, after thinking about it again, seems like i cannot prove my ownership of the account, since anybody could change that exact value once they got in into that account. Oh well, sorry it took me so long to realize

Anyway, thank you for your responses, really appreciate it

It is good when you have access to that private key.

---

It is for PGP message not bitcoin message. They are different messages.

The guide shows the process to sign a PGP message is different and more complex: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint

Also dont save you login details on your browser, manually typing your
username and password every time you login will implant it into your
memory, you will never forget!

A handy thread which I have yet to get around to doing myself is to stake
your Bitcoin address on the forum as another level of ownership of your account.
Here is the thread > https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318


HOW TO SIGN A MESSAGE THREAD

What i meant is that i still have the access to my old wallet address that i mainly use at 2014 - 2016, which yes, i still do have the private key, but unfortunately in the past i've never ever did a signed message using that address. And yes I'm still new to this signed message thing, and i got a question, does signing a message with said address need the private key?

I'm sorry for my misunderstanding about how signed message work tho, i'll read more about it.

What do you mean "include your bitcoin wallet address inside your profile page " ?

I believe that you don't understand the sign message. When you sign a message, you need to have a private key of that address/ wallet. The point to prove your account ownership is here: Sign a message from an address that was used and quoted before the hack. It is to prove that today, you are the owner, not the hacker, and still have control on that address and private key.

It is easy to include any bitcoin address to your personal text, and website link and others in the Profile page. I can search those addresses if I know the username of your hacked account and include it into those places. I can do it without control of private key for that address and it is non sense.

I guess using 2FA at your email (like mentioned by ice18) is the best bet at this moment.

Ah i see, although, why did Theymos made that feature tho?

I might do some more research on my own past self, who knows i actually post one in the past. Although, the problem is the wallet that i mainly use at that time is from blockchain.info (which somehow now changed into blockchain.com). And as far as i know the website itself doesn't have the tool to sign a message using my old bitcoin address. I may tinker a little bit, since on a post titled How to sign a message?! there's a way but kinda hacky.

Alright will put extra caution on those personal messages that i receive, thanks for the info .

For the 2FA, that would flip this forum 180 degree, since it really is such a good addition to security for this forum.


Edit:
I'm able to sign a message with my old address which had been assigned to my old account back then when there was a feature to include your bitcoin wallet address inside your profile page (or is it for member rank and up only? idk i forget xd).

Nice information @dkbit98, most times it's always about phishing links, this is the easiest way for scammers to get users full details and passwords, it's why I believe that verification code will help this forum alot, I don't bother signing in and out of my forum account since I'm always active but I do hope that in future we will get 2FA activated on Bitcointalk

Other than what some members wrote above I would also suggest that you should be very careful when you receive any personal messages in forum and don't trust or click any links you receive.

This is one example that happened in my case and maybe it can help others:
How Scammer tried to Hack my Bitcointalk and how to Protect yourself?


 

If there are posts for trades with addresses before the hack and you are still able to sign a message from it, it can be considered as proof of ownership.

Addresses should be bitcoin not Ethereum. Moderators and admins are keen on Bitcoin address and bitcoin signed message as proof. It is a bitcointalk forum, not Ethereumtalk forum.

It's risky indeed because the question can be forgotten too but I wonder how someone would guess your question right, it depends on what type of question you are asking though, if this is a must one must ask a very tough question that's only know to themselves, it's better to create a very strong password than using a question and answer strategy, with strong password there won't be any problem

It's kinda risky, and I prefer leaving it blank and using the staked address route instead. Even Theymos himself, the forum admin, placed a warning message:

There is one thing that still needs adjustment on Bitcointalk forum, there is no 2FA yet and there is no security password been forward to email address for confirmation, anyone can just insert email and password over and over again without any worries of getting verification code sent into email address or other ways

First of all gotta say thank you for all the useful replies and helps
And again sorry for the long reply time and that i reply all of you in a batched reply (since newbie can't post as fast as a member or so)

Yes, i will try to not to use basic password anymore, thanks for the tips tho

Uh, sadly i haven't posted any signed bitcoin message or even a pgp message, actually, for now I'm still learning how to use them properly. But i could got in into my old wallet at blockchain.com which it's address has been assigned to my old account (it was a feature back then to assign bitcoin address to your account, again as i remembered and also some proof from Forum account: security, privacy, and recovery screenshot to backup my hazy memory). I don't know if that could be a proof or not, but i also made some trades selling some digital goods at this forum tho. I don't know if it helps or not. But thanks for the information, really appreciate it

Looks like my account is inactive not because of ban, but because it made into a scamming account or some kind. I made that speculation because i didn't found my old account name on the second website, and it only says inactive for 2 years on the first website (also the first website is kinda confusing to read, i'm sorry xd).

Why tho? is it riskier to setup a secret question? is it better to leave it blank? Now i hesitate to put a secret question.

Okay, thanks for the tips, i'll keep that in mind .

Edit:
Since DdmrDdmr replied by editing their post, I'm also doing the same thing here.
I've sent an email, hopefully they will be able to recover my old account with given information from me.

Because the forum does not support 2fa you can instead use 2fa on the email you used to register since its the only way to recover fast once your account got hacked so your email address is very important on the recovery process a simple tips I can give you can always bookmarked the forum official site link to avoid possible phishing attacks and also try to avoid downloading malicious softwares from different websites it might contains malwares that can copy your computers passwords.