Changing passwords while you have the 2FA option enabled, I think it has no meaning.
Will you reveal your password because you have 2FA enabled? Password is layer-1 protection and 2FA will act as layer-2 protection. Fortunately bitdice has layer-3 protection too (need to confirm email every time we log in). Having extra protections will not harm us but will hurt hackers.
You have to change passwords, as long as you use the same one almost everywhere...
Using a different password for different services is one of the basic security aspects of modern digital life. It would be ridiculous to use the same password across gambling sites; we cannot be sure when a site will get hacked nor when a scammer will decide to sell our data.
Security matters to those bettors who spend a big amount of money to gamble, specifically the whales.
Maybe for some of us that is inconvenient but we do not realize that security is the most important thing when it comes to the protection of our money.
For now, I don't use 2FA since I don't usually gamble with bigger amounts, and for me, the email confirmation has already satisfied my needs in terms of security.
It does depend on a certain person if he would take the security seriously or not, but it would totally be relying on how much money you would spend. Let's say putting up 100 BTC, you will surely find and seek if the site has good security, which is already normal for us bettors since we do value our money. Security is very important, but in our situation, which don't have enough or big money to spend, then light security would be fine.
Security doesn't depend on the amount of BTC you put in; it relies more on the capacities of the dev, on his laziness level, on his organization, because everyone knows the required tags to secure an application. Now if you forget to do one, like Bitfinex and Poloniex (they use GET to transmit high-level data), then you are done, someone will hack you.
Talking about Bitfinex, they were sending data using GET requests. GET can be easily changed and intercepted as it is URL information, so using this you can send custom data to the server depending on how they segmented the code.
Poloniex is doing the same, so beware if you trade there.
bitdice is using POST requests, which is the basic security model to use, and it is already a great point for them. Now I don't know if they use the usual htmlspecialchars method or a regex to filter XSS. I don't know what database is used; if they use a SQL database, there are some methods they should put in to secure from SQLi; if it is a NoSQL database, then it depends on which one is used.
But until now, the website is secure for me.
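
An added example, not part of the thread and not bitdice's code: the two server-side checks the last post asks about, sketched in Python with an in-memory SQLite database. `html.escape` stands in for PHP's `htmlspecialchars`; the table, function names and sample inputs are constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed sample inputs (not taken from any real site).
CHAT_MESSAGE = '<img src=x onerror="alert(1)"> hi'
LOGIN_NAME = "alice' OR '1'='1"


def regex_filter(text):
    """Blocklist approach: strip <script> elements only."""
    return re.sub(r"(?is)<script.*?>.*?</script>", "", text)


def encode_for_html(text):
    """Output encoding, the Python counterpart of PHP's htmlspecialchars()."""
    return html.escape(text, quote=True)


def make_db():
    """Build a throwaway in-memory table with two constructed users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, balance INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 5), ("bob", 7)])
    return db


def lookup_concatenated(db, name):
    """Vulnerable: user input becomes part of the SQL text."""
    return db.execute(
        "SELECT name FROM users WHERE name = '" + name + "'").fetchall()


def lookup_parameterized(db, name):
    """Hardened: input is bound as data and never parsed as SQL."""
    return db.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("regex filter :", regex_filter(CHAT_MESSAGE))
    print("html encoded :", encode_for_html(CHAT_MESSAGE))
    print("concatenated :", lookup_concatenated(db, LOGIN_NAME))
    print("parameterized:", lookup_parameterized(db, LOGIN_NAME))
```

The regex blocklist returns the markup unchanged because it only looks for `<script>`, while encoding neutralises every tag; the concatenated query returns every user, while the bound parameter matches none.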