Thank you!
Captcha is just a pain in the ass for everybody, and there's no way to make it look good and fit with the interface the way the current login does.
2FA is something I've considered, but it's an extra layer I don't feel is needed. If your email is locked, you're safe unless your email is compromised and used to compromise your BTC Guild account. If your wallet is locked, you're safe even if your email and BTC Guild account are compromised. 2FA is a support nightmare when somebody loses/bricks/wipes their phone authenticator. It's bad enough dealing with people who formatted their hard drive and lost their locked wallet; I'm sure phones are formatted/bricked/lost a hell of a lot more frequently than that.
Thank you very much!
To prevent automated login attacks, maybe the login procedure could be delayed if the username and password did not match 3 times. Then it should not be possible to log in for a few seconds, and so on. Just a thought.
IPs are banned outright when too many attempts fail. A new ban has also been added similarly for password reset attempts, with even less tolerance for repeatedly trying to reset passwords on usernames that don't exist (fishing for valid usernames).
Ahh, thanks! :-)
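The per-IP ban described in the thread, with a stricter budget for password resets against nonexistent usernames, sketched as an added example that is not BTC Guild's code or part of the original posts. The thresholds, window, ban duration and all names (`FailureBanList`, `LIMITS`, the `kind` labels) are assumptions; the thread gives no numbers.

```python
import time
from collections import defaultdict, deque

# Assumed values (not from the thread): failures tolerated per IP per window.
LIMITS = {"login": 10, "reset_unknown_user": 3}
WINDOW_SECONDS = 600    # assumed look-back window for counting failures
BAN_SECONDS = 3600      # assumed duration of an IP ban


class FailureBanList:
    """Per-IP sliding-window failure counter. Resets aimed at usernames
    that do not exist get a smaller budget than failed logins."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                    # injectable so tests can control time
        self._failures = defaultdict(deque)    # (ip, kind) -> failure timestamps
        self._banned_until = {}                # ip -> ban expiry time

    def is_banned(self, ip):
        expiry = self._banned_until.get(ip)
        if expiry is None:
            return False
        if self._clock() >= expiry:
            del self._banned_until[ip]         # ban has run out
            return False
        return True

    def record_failure(self, ip, kind):
        """Record one failed attempt; return True if the IP is (now) banned."""
        if self.is_banned(ip):
            return True
        now = self._clock()
        events = self._failures[(ip, kind)]
        events.append(now)
        # Forget failures that have aged out of the window.
        while events and now - events[0] > WINDOW_SECONDS:
            events.popleft()
        if len(events) > LIMITS[kind]:
            self._banned_until[ip] = now + BAN_SECONDS
            self._failures.pop((ip, kind), None)
            return True
        return False
```

The login and reset handlers would call `is_banned(ip)` before doing any work and `record_failure(ip, kind)` on each failed attempt, returning the same response for known and unknown usernames so the reset form itself does not confirm which accounts exist.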