Authorize log-in attempt by e-mail - Bitcointalk account

hilariousandco

global moderator

Activity: 3794

Merit: 2615

Join the world-leading crypto sportsbook NOW!

Quote from: actwo on March 23, 2018, 11:11:17 PM

Quote from: hilariousandco on March 23, 2018, 01:09:31 PM

There is already an authentication email sent once you try reset the password and/or change your email.

A hacker changed my password then my email address with out access to my email. I have sent you an PM with proof of my identity.

Thank you

Then you should have received en email where you can lock the account. I can't do anything about restoring accounts so you'll need to PM an admin but if you haven't got a valid signed message you might as well forget about it because even accounts with them are taking months to be restored if they're being restored at all.

AzureDragon

member

Activity: 244

Merit: 20

It seems to me that in such circumstances the developers of the forum have to seriously think about the introduction of two-factor authorization.

jhenfelipe

hero member

Activity: 1372

Merit: 647

Quote from: bitmover on March 23, 2018, 12:58:43 PM

Implement a log-in authorization by e-mail every time a different IP try to login in your account.

If there will be several options, authorization before the account will be accessed using a different device would be good too imo. A bit hassle only to those who don't have their own device to open bitcointalk.

Quote from: hilariousandco on March 23, 2018, 01:09:31 PM

There is already an authentication email sent once you try reset the password and/or change your email.

As announced by theymos here https://bitcointalksearch.org/topic/email-security-notifications-2282758 (if someone wants to look for it)

actwo

newbie

Activity: 3

Merit: 0

Quote from: hilariousandco on March 23, 2018, 01:09:31 PM

There is already an authentication email sent once you try reset the password and/or change your email.

A hacker changed my password then my email address with out access to my email. I have sent you an PM with proof of my identity.

Thank you

Lesbian Cow

legendary

Activity: 2954

Merit: 1752

Quote from: hilariousandco on March 23, 2018, 01:09:31 PM

There is already an authentication email sent once you try reset the password and/or change your email.

How about offering 2fa on log in as a user opt in?

Welsh

staff

Activity: 3248

Merit: 4110

I think it's best left how it is right now. Only sending notifications when details are changed on the account. Requiring a authentication email every time you log in would become very tedious. If it was optional then that would probably suit those who want extra security and those who want ease of access and not jump through loop holes every time they want to log in.

bitmover

legendary

Activity: 2212

Merit: 5622

Non-custodial BTC Wallet

Quote from: hilariousandco on March 23, 2018, 01:09:31 PM

There is already an authentication email sent once you try reset the password and/or change your email.

Thanks, I was not aware of that, as I never tried to change those.
I think it does the job.

bitperson

full member

Activity: 210

Merit: 119

Quote from: bitmover on March 23, 2018, 12:58:43 PM

Implement a log-in authorization by e-mail every time a different IP try to login in your account.

No! I use Bitcointalk from all over the place, so I would have to deal with such messages constantly. Sites that use them typically send them from spammy networks, so I usually have to grep through spam filter logs to find them. This is a great forum, but having to go through that kind of trouble would be too much.

hilariousandco

global moderator

Activity: 3794

Merit: 2615

Join the world-leading crypto sportsbook NOW!

There is already an authentication email sent once you try reset the password and/or change your email.

godzillarekt007

full member

Activity: 266

Merit: 106

Floki Robot

I like the idea a lot, it reminds me of how Bittrex does it when you sign in from different IP. Added bonus is because we don't have 2FA we won't have to type that code in several times before entering. 2 thumbs up idea, great way to increase security!

bitmover

legendary

Activity: 2212

Merit: 5622

Non-custodial BTC Wallet

Hello,

Everyday we see new topics where people complain about their hacked accounts.

As most people here earn money with their accounts, everyone should worry about account security.

Now with the implementation of the merit system our accounts are even more valuable since our hard earned merits are even more valuable than most altcoins people get from bounties.

I saw that there are already many threads asking for 2FA on your Bitcointalk. For some reason it has never been implemented.
But there are other mechanisms to increase security that can be implemented in our forum.

My suggestion is simple:
Implement a log-in authorization by e-mail every time a different IP try to login in your account.

When you try to login to your account in a different computer or network you will receive a message: "Check your e-mail to approve login attempt."

I think this simple implementation can avoid most of the related problems with hacked accounts.

Many exchanges and webwallets already use this method, so most people are quite familiar with.

What are your thoughts?

Topic: Authorize log-in attempt by e-mail - Bitcointalk account (Read 160 times)