Topic: BitDice V4 Development Diary - Issue #1 Authentication. (Read 449 times)

We started our blog: on medium. So go ahead and add us to your bookmarks ;)


This is the first post about new version development of BitDice Casino. We are going to tell you how hard it is to create such services, how much effort we put in it and how sophisticated our code is.

First of all, I have to mention that starting from V4 we will ask for an email during registration and will block all one-time email providers. The latter is made against recent DDoS attacks on BitDice. Also, we are going to pivot to a casino, where dice will be just one of the many games you will be able to play.

Why do we ask for an email? First of all, it is another security level. The email will be used for large withdrawal confirmations, password resets, and will alert you about suspicious sign-ins. It will also inform you about the various events held by BitDice.

We promise that this information will be private and never be traded to anyone. It will not spam your mailbox.

Today I will tell you about one of the most important aspects of any service holding the users’ funds — authentication. We will discuss the way we process user sign-ins, log requests and block user accounts if we see any suspicious requests.

Besides the obvious (user sign-in itself), we do several other things:

  • User account and password brute force protection;
  • Holding session state and the ability to close all the sessions or any of them;
  • Monitoring user sign-ins and alerting users in case of a different browser/country;
  • Blocking user accounts after X invalid sign-in attempts;
  • 2FA protection;
  • White-listing IP addresses.

We are brute force safe! First, we block IP addresses during account and password brute force attempts. Second, we lock the user account even if the attacker uses different IP addresses.

Close any session anywhere! With the new V4 you will be able to close any open sessions that were left active from your previous sign-ins, such as the ones from public places or friends' homes. You can stop worrying about someone having access to your account.

Check where and when you signed in! Now you can check authentication logs. Any successful or unsuccessful attempt is logged with the IP address, browser information and country of the user.

Account lock! Concerned your password was leaked and someone used it to sign in? Nothing to worry about, as the chances that a hacker will be using the same browser and as you normally do are very low. We will lock your account until you confirm by email that it was in fact you. Stay safe with us!

2FA Protection! Don’t like Google Authenticator? Use Authy, or any other TOTP application, to protect your account. We take care of 2FA brute force too! This is the last resort and it will stand out!

Whitelist your own IP address. Still think our protection is low? Use a private VPN and prefer to lock the world out of your account? You can do it with us!

Thank you for the time spent reading our blog. I promise to get back with new posts about the most professional and secure bitcoin casino available to the best players like you!

Regards,
Alex

PS: There's no ETA on the new version. However, the images I will post are from final designs, and some code like this one is already written and tested; that's all I can tell for now.
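The two-layer brute force protection described in the post (block the source IP, and lock the account even when attempts arrive from many IPs) can be sketched as follows. This is an added example, not BitDice's code; the thresholds, the window length and all class and function names are assumptions, since the post only speaks of "X invalid sign-in attempts".

```python
from collections import defaultdict, deque

# Assumed thresholds; the post only says "X invalid sign-in attempts".
MAX_FAILS_PER_IP = 5
MAX_FAILS_PER_ACCOUNT = 10
WINDOW_SECONDS = 900


class SignInGuard:
    """Counts failed sign-ins per source IP and per account (sliding window)."""
    def __init__(self):
        self.ip_fails = defaultdict(deque)
        self.account_fails = defaultdict(deque)
        self.locked = set()  # locked accounts stay locked until e-mail confirmation

    @staticmethod
    def _recent(q, now):
        while q and now - q[0] > WINDOW_SECONDS:  # drop failures outside the window
            q.popleft()
        return len(q)

    def check(self, account, ip, now):
        """Run before password verification; returns the decision for this attempt."""
        if account in self.locked:
            return "account_locked"
        if self._recent(self.ip_fails[ip], now) >= MAX_FAILS_PER_IP:
            return "ip_blocked"
        return "allowed"

    def record_failure(self, account, ip, now):
        self.ip_fails[ip].append(now)
        self.account_fails[account].append(now)
        # The per-account counter ignores the source IP, so rotating IPs does not help.
        if self._recent(self.account_fails[account], now) >= MAX_FAILS_PER_ACCOUNT:
            self.locked.add(account)

    def confirm_by_email(self, account):
        self.locked.discard(account)
        self.account_fails.pop(account, None)


def simulate(failed_attempts):
    """Replay constructed (account, ip, timestamp) wrong-password attempts."""
    guard, decisions = SignInGuard(), []
    for account, ip, now in failed_attempts:
        decisions.append(guard.check(account, ip, now))
        if decisions[-1] == "allowed":
            guard.record_failure(account, ip, now)
    return decisions
```

Feeding `simulate` a constructed list of failures from one address shows the IP block engaging first, while failures spread across many addresses end in the account lock, which only `confirm_by_email` clears.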