Author

Topic: Ask for bitcoin address while signing up (Read 1924 times)

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
September 20, 2015, 02:59:01 AM
#24
Some newbies are more to understanding Bitcoin when joining this forum and they would probably have only the exchange deposit address as it's much simpler. We can perhaps make it optional. Also, if the address's RNG is weak, it could be cracked and people can use it to hack the accounts if it cannot be changed. This may also be an issue now but it would be a much bigger issue if users are confined to using only that address to confirm their identity.
full member
Activity: 166
Merit: 100
Marshall Mathers
September 19, 2015, 02:15:57 AM
#23
yep, just cuz the owner provided the private key doesnt make it safe, the owner retains the key.
the owner would have to be extremely trusted to not reverse the account. this kinda reminds me of paypal, bct accounts would become just like paypal.
Great idea.
And it will prevent majority of the scams which are done with bought accounts.
hero member
Activity: 756
Merit: 500
September 18, 2015, 12:52:08 PM
#22
yep, just cuz the owner provided the private key doesnt make it safe, the owner retains the key.
the owner would have to be extremely trusted to not reverse the account. this kinda reminds me of paypal, bct accounts would become just like paypal.
legendary
Activity: 1078
Merit: 1024
September 18, 2015, 12:41:37 PM
#21
The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.

sounds like a good idea, it would also stop the buying/selling of accounts, because no one would buy an account as the owner would be able to recover it so easily.

This won't stop account buying/selling, users usually sell private key along with the account.

Agreed. But when you sell your private key, the original owner still has the possibility of recovering, as well as the new owner of the account.


 
legendary
Activity: 2198
Merit: 1014
Bitdice is scam scam scammmmmmmmmmmmmmmmmmmmmmmmmm
September 18, 2015, 11:58:47 AM
#20
The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.

sounds like a good idea, it would also stop the buying/selling of accounts, because no one would buy an account as the owner would be able to recover it so easily.

This won't stop account buying/selling, users usually sell private key along with the account.
hero member
Activity: 756
Merit: 500
September 18, 2015, 11:30:12 AM
#19
The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.

sounds like a good idea, it would also stop the buying/selling of accounts, because no one would buy an account as the owner would be able to recover it so easily.
legendary
Activity: 2198
Merit: 1014
Bitdice is scam scam scammmmmmmmmmmmmmmmmmmmmmmmmm
September 18, 2015, 11:19:49 AM
#18
I come up with the same idea.
This would for sure prevent account hacking and make recovering a lost account easier.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
September 18, 2015, 04:11:48 AM
#17
so would we be confined to just one address?
Nope.
That BTC address will only be used for authentication.

So essentially you're making buying/selling of accounts pretty much impossible unless the seller gives the priv key along with the account? Which also means mostly accounts that were created for the sole intention of being sold would be sold.

I dont think the idea of any 2FA is that you can never change it. It wouldnt be the first time someone lost their phone.

Quick question: wouldn't that ruin the whole idea of the bitcoin verification? If an account was hacked, all the hacker would need to do is change the address and the original owner would have to do the whole bitcoin-signing-of-old-messages-containing-bitcoin-addresses thing.

Well the other option is to ruin accounts just because someone lost access to their wallet. You cant have both. This is why I think it should be optional to use 2FA and to have maybe a 3rd (or more) auth option as fallback. E.g. 1st is user/pass 2nd is bitcoin signed message and 3rd is PGP signed. Login would be possible if 2 out of 3 are passed. The same way 2 out of 3 would allow to change any one of them, change the scheme (to e.g. 3 out of 17, 1 out of 2, etc.). I would think a forgotten password or a misplaced backup is more likely than a hack and the security mechanisms should not tunnel vision on a single issue (e.g. hacks).
sr. member
Activity: 420
Merit: 250
September 18, 2015, 02:57:28 AM
#16
Naa.You won't be able to change the address.Just like you can't change your username.
I don't think the forum needs any extra security measures as of now ,also thermos dosent cares about account stuff as much as he cares about the forum ', I don't see abundant threads about hacked accounts in META too, its a different case if a legendary account is hacked.
full member
Activity: 166
Merit: 100
Marshall Mathers
September 18, 2015, 02:33:45 AM
#15
so would we be confined to just one address?
Nope.
That BTC address will only be used for authentication.

So essentially you're making buying/selling of accounts pretty much impossible unless the seller gives the priv key along with the account? Which also means mostly accounts that were created for the sole intention of being sold would be sold.

Of course we can't stop this activity.As I said earlier it will only be used for authentication.

so would we be confined to just one address?
Nope.
That BTC address will only be used for authentication.

So essentially you're making buying/selling of accounts pretty much impossible unless the seller gives the priv key along with the account? Which also means mostly accounts that were created for the sole intention of being sold would be sold.

I dont think the idea of any 2FA is that you can never change it. It wouldnt be the first time someone lost their phone.

Quick question: wouldn't that ruin the whole idea of the bitcoin verification? If an account was hacked, all the hacker would need to do is change the address and the original owner would have to do the whole bitcoin-signing-of-old-messages-containing-bitcoin-addresses thing.
Naa.You won't be able to change the address.Just like you can't change your username.
sr. member
Activity: 252
Merit: 250
Go figure! | I'm nearing 1337 posts...
September 17, 2015, 05:48:08 PM
#14
so would we be confined to just one address?
Nope.
That BTC address will only be used for authentication.

So essentially you're making buying/selling of accounts pretty much impossible unless the seller gives the priv key along with the account? Which also means mostly accounts that were created for the sole intention of being sold would be sold.

I dont think the idea of any 2FA is that you can never change it. It wouldnt be the first time someone lost their phone.

Quick question: wouldn't that ruin the whole idea of the bitcoin verification? If an account was hacked, all the hacker would need to do is change the address and the original owner would have to do the whole bitcoin-signing-of-old-messages-containing-bitcoin-addresses thing.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
September 17, 2015, 01:57:40 PM
#13
so would we be confined to just one address?
Nope.
That BTC address will only be used for authentication.

So essentially you're making buying/selling of accounts pretty much impossible unless the seller gives the priv key along with the account? Which also means mostly accounts that were created for the sole intention of being sold would be sold.

I dont think the idea of any 2FA is that you can never change it. It wouldnt be the first time someone lost their phone.
full member
Activity: 168
Merit: 100
If life gives you lemons, make orange juice.
September 17, 2015, 01:45:53 PM
#12
so would we be confined to just one address?
Nope.
That BTC address will only be used for authentication.

So essentially you're making buying/selling of accounts pretty much impossible unless the seller gives the priv key along with the account? Which also means mostly accounts that were created for the sole intention of being sold would be sold.
full member
Activity: 166
Merit: 100
Marshall Mathers
September 17, 2015, 09:45:01 AM
#11
The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.

Good idea but it should be allowed after sign up because many users who sign up for the first time no nothing about bitcoin address and how to get one
Then there should be a help button in the sign-up form.Which will guide them on "How to get your first BTC address".

so would we be confined to just one address?
Nope.
That BTC address will only be used for authentication.
hero member
Activity: 994
Merit: 500
September 16, 2015, 08:12:27 PM
#10
so would we be confined to just one address?
administrator
Activity: 3962
Merit: 3184
September 16, 2015, 07:53:12 PM
#9
It's something that has been mentioned in the past, but I don't think anybody is working on it.

Not right now there isn't, as work on 2FA hasn't even been started yet afaik. But the complete product will have various authentication methods.
legendary
Activity: 1078
Merit: 1024
September 16, 2015, 06:02:27 PM
#8
2FA with PGP or signed bitcoin messages is something I would very much like to see.
It's something that has been mentioned in the past, but I don't think anybody is working on it.
legendary
Activity: 854
Merit: 1000
September 16, 2015, 05:57:26 PM
#7
The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.

Good idea but it should be allowed after sign up because many users who sign up for the first time no nothing about bitcoin address and how to get one
staff
Activity: 3304
Merit: 4115
September 16, 2015, 05:47:21 PM
#6
I generally support the idea of adding 2 factor authentication, with signing a PGP/Bitcoin address. But, I don't think it shouldn't be forced upon the user when registering. It should be a optional feature. Majority of the users who sign up here are not only new to the forum, but new to cryptocurrency and Bitcoin. Therefore, they may not have a Bitcoin address, even though it's easy to get an address, I'm sure getting an address isn't going to be their main focus.

You've also got to consider, that some members are here to discuss and follow the technology, rather than trade. This has been displayed before when a few users have actually stated that they have no Bitcoin, but like to discuss and learn about Bitcoin. There's probably many reasons that I've not brought up, including the alt coin scene which I'm not going to get into here as you probably get my point by now.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
September 16, 2015, 03:38:22 PM
#5
Fancy auth methods are already in planing[1], but what exactly is a "bitcointalk address"?

[1] https://bitcointalksearch.org/topic/current-requirements-523070
full member
Activity: 166
Merit: 100
Marshall Mathers
September 16, 2015, 05:38:04 AM
#4
The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.


I cannot think of a better way to stifle forum growth than this idea!

Maybe we should hide the domain name as well!   Wink
How is it going to stifle up the forum?
Its only going to add an extra layer for security.
What if your email account gets hacked too and your address wasn't quoted by anyone?
Then there would be no way to recover it.
Unless the database has your address stored.
I think you got the the idea in a wrong way.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
September 15, 2015, 03:42:21 PM
#3
The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.


I cannot think of a better way to stifle forum growth than this idea!

Maybe we should hide the domain name as well!   Wink
administrator
Activity: 3962
Merit: 3184
September 15, 2015, 01:57:18 PM
#2
I like this and hope something similar gets implemented. We know 2FA will definitely be added and IIRC there were talks about adding address signing to the list of 2FA solutions.
full member
Activity: 166
Merit: 100
Marshall Mathers
September 15, 2015, 12:06:43 PM
#1
The user must enter his bitcointalk address along with a signed message while signing up.And there should be an inbuilt message verifier.So that he could recover his account if it gets stolen or hacked by re-signing with the same address with the time stamp.
Jump to: