Author

Topic: Email security notifications (Read 3441 times)

copper member
Activity: 2996
Merit: 2374
September 23, 2018, 02:20:08 AM
#54
This looks like a great improvement to the security here.

Now, please could we have email confirmation of new registration applications, and a restriction that only one account can be associated with an email address. I am aware that it is easy to circumvent these restrictions, but it adds some more difficulties to the bot signups.
Presumably, the bots are advanced enough so that they can create their own email server and acknowledge these sign up confirmations.

Requiring email verification would likely result in normal users to have decreased privacy.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
September 23, 2018, 01:57:50 AM
#53
This looks like a great improvement to the security here.

Now, please could we have email confirmation of new registration applications, and a restriction that only one account can be associated with an email address. I am aware that it is easy to circumvent these restrictions, but it adds some more difficulties to the bot signups.
member
Activity: 136
Merit: 25
August 08, 2018, 11:56:49 PM
#52
I'll never forget how I lost my account because the admins were not intelligent enough to actually add email security notifications at the time.

RIP awesome31312

From Politics shitposting to shitposting in a language we don't know
jr. member
Activity: 504
Merit: 5
July 11, 2018, 08:21:04 AM
#51
I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.

I think this a good development and it will help a long way to reduce hacking of accounts and secure the account as long as possible but, I as a person don't have the idea to carry out this operation and makes my account to be firmly secured please can you help me with some details explanations? I will really appreciate that Thanks .
jr. member
Activity: 36
Merit: 1
July 11, 2018, 08:11:03 AM
#50
It nice to receive a link from the forum to the link email to your bitcointalk.org account before you can change your password.
Second, if you will receive email also saying that your account has been opened for the first time in a diiference device--- it will also give account owner to block this transaction if ever your account was opened in unknown location---
hero member
Activity: 2366
Merit: 838
July 11, 2018, 12:16:33 AM
#49
What if I lose acces to my old email address, which I used to register my account at the start?
I guess this situation might lead to lose all control to my account, am I right?
Are there any chance to get my account back if I unfortunately fall into such very bad situation?


Just a bit curious because I have never experienced such terrible cases.
newbie
Activity: 83
Merit: 0
July 10, 2018, 04:21:34 PM
#48
my account was hacked but I was able to click on the link to lock my account,
which is a problem for me how to get back my account Huh,
and how my status account now Huh
will admin restore that account to the final data before the mail and password change and send me a new password Huh?

http://i66.tinypic.com/2lkvi4g.jpg


http://i66.tinypic.com/jz907b.jpg

If you've not locked your account, yopmail allows you to open any email registered with that domain, just use the forget password option and open the email on yopmail and then reset the email.

On another note, the same IP Address hacked me and a few other people.
jr. member
Activity: 279
Merit: 1
July 10, 2018, 09:21:08 AM
#47
my account was hacked but I was able to click on the link to lock my account,
which is a problem for me how to get back my account Huh,
and how my status account now Huh
will admin restore that account to the final data before the mail and password change and send me a new password Huh?




jr. member
Activity: 279
Merit: 1
July 10, 2018, 09:15:05 AM
#46
my account was hacked but I was able to click on the link to lock my account,
which is a problem for me how to get back my account Huh,
and how my status account now Huh
will admin restore that account to the final data before the mail and password change and send me a new password Huh?
copper member
Activity: 630
Merit: 420
We are Bitcoin!
July 03, 2018, 05:23:25 AM
#45
I am not sure if it has been discussed here or not but excuse my rush here...

Looking at all these hacked/locked account issues and the time needed to recover them manually, I feel very insecure for my account too. Although I always use strong password, 2FA where applicable - all sorts of things to ensure the highest security but still anything can happen anytime. It could be my mistake or it could be system leak, which actually does not matter. What matters is once an accident happen then the account holder is facing all sorts of hassles which is frustrating.

Coming to my point...
Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

I actually do not understand why the email to lock? Instead of the link to lock the account why can not the system send an email asking to revoke the request if the change has not made by this email account holder?

I think this could be a decent procedure....
If an account (bitcoinTalk) requests for password and/or email change then send an email to the last registered email address asking for approval. Send a link which will confirm manual approval for the change requested. If the original user requested the change then they are liable for their action. Now, if the user do not have access of the email address only then ask the mods/admins to help them out. I believe this small tweak in sending email, will be saving a lot of time for both the users who are victim and mods/admins.


Update:
A little correction...
For password change send approval email to the current registered email account and for email change send approval email to the last registered email.
copper member
Activity: 2562
Merit: 2510
Spear the bees
June 11, 2018, 04:49:38 PM
#44
Here we have yet another admin wannabe. great. Wink
Do you hear that sound, whizzing over your head?

It's a bird, it's a plane, no wait...
w H O O O O O S H H H H

I know it's hard but you should stop trying to be such a cunt. Maybe you heard the phrase wrong: it's not "you eat what you are"
full member
Activity: 1442
Merit: 108
June 11, 2018, 11:45:06 AM
#43
OP is admin Roll Eyes

Based on this sticky post on this section, you will ask signed message with your new email address.
https://bitcointalksearch.org/topic/recovering-hacked-accounts-or-accounts-with-lost-passwords-497545

1) I know that. What difference does it make to how should I address him ?

2) I know the process to recover as well. I am asking about specific thing not mentioned in that thread.


OP, what happens after the account is unlocked by the admin ? What will be the email id in that account - earlier one or the one that hacker used?
It will be the one the hacker used. This allows it so even if an admin recovers an account the hacker still has access to the account. /s

So, what stops the hacker to gain access back to the account ? Still waiting for an official reply on this.
copper member
Activity: 1330
Merit: 899
🖤😏
June 09, 2018, 12:40:52 AM
#42
OP, what happens after the account is unlocked by the admin ? What will be the email id in that account - earlier one or the one that hacker used?
It will be the one the hacker used. This allows it so even if an admin recovers an account the hacker still has access to the account. /s

Here we have yet another admin wannabe. great. Wink
copper member
Activity: 2996
Merit: 2374
June 08, 2018, 11:52:00 PM
#41
OP, what happens after the account is unlocked by the admin ? What will be the email id in that account - earlier one or the one that hacker used?
It will be the one the hacker used. This allows it so even if an admin recovers an account the hacker still has access to the account. /s
member
Activity: 80
Merit: 10
DAMN SON!
June 08, 2018, 12:54:27 PM
#40
OP, what happens after the account is unlocked by the admin ?
OP is admin Roll Eyes

Quote
What will be the email id in that account - earlier one or the one that hacker used?
Based on this sticky post on this section, you will ask signed message with your new email address.
https://bitcointalksearch.org/topic/recovering-hacked-accounts-or-accounts-with-lost-passwords-497545
newbie
Activity: 91
Merit: 0
June 08, 2018, 12:40:10 PM
#39
Thanks theymos this is a good security features.
this is an effort to improve the security of our work system
full member
Activity: 1442
Merit: 108
June 08, 2018, 12:49:15 AM
#38
OP, what happens after the account is unlocked by the admin ? What will be the email id in that account - earlier one or the one that hacker used?
full member
Activity: 239
Merit: 250
January 06, 2018, 10:16:15 PM
#37
You should have implemented this long ago.

Too bad for me, you implement this only after my account got hacked.
My hacked Dorky account underwent both password and email change less than 14 days ago.
And the last time I check my old email inbox, I don't see any notification there.
I suppose it is now 100% gone.

Update:
So I received notification to this "Dorkie"
But I received no notification to "Dorky" when I try to recover password for this username.
The old email address used by "Dorky" is the same as I used it with this account.

Update #2:
Pissed that my Dorky account lost to this.
Nevertheless let's hope this added security notification will help to significantly reduce (if not totally eliminate) all account hacking.
It may not be able to save my "Dorky", but at least it may save many other accounts from now onward.
indeed.
i also lost my account prior to hack.
the email changed and last time i asked to mod, it's banned already.
i think they also should record 'first email registered' to verify account ownership manually
member
Activity: 150
Merit: 11
The Great Trader
November 22, 2017, 07:33:04 PM
#36
theymos

Sorry Guest, you are banned from using this forum!
For security, your account has been locked. Email [email protected]

-----BEGIN BITCOIN SIGNED MESSAGE-----
My account has been hacked/lost. Please reset the email to <[email protected]>. The current date is <01.11.2017 /23.11.2017>.

Account locked . Nick Afandoras  . Helpp
newbie
Activity: 74
Merit: 0
November 22, 2017, 07:27:15 PM
#35
This is good security measure but is it working?

My account https://bitcointalksearch.org/user/mrsalve-400666 got hacked 14'th of Nov. Email changed and then password.

I got in to it quickly in minutes after it was done. Clicked a link and thought thief can't use account any more.
Checking now my account activity I notice someone has been it on it today cus it showing last activity Last Active:
November 22, 2017, 03:12:06 AM???


Btw Cyrus or theymos if you find time I would like to get my account back. I sent PM's to you with proof that I'm a original email holder and then other one with signed message.

member
Activity: 252
Merit: 10
November 19, 2017, 03:54:29 AM
#34
Thank theymos,

is this email security features can request new password if we forgot it?

Yes. Just set forgit password and enter your username or email then email notification sent to your email.
sr. member
Activity: 462
Merit: 254
November 07, 2017, 12:50:28 PM
#33
Please move this thread on top of Meta section.
legendary
Activity: 2702
Merit: 2053
Free spirit
November 02, 2017, 12:26:44 PM
#32
I noticed this news only now. It's great, I hope it will help to reduce number of hacked accounts. From what I saw, amount of hacked accounts big in recent months. Important thing - don't use same password on Bitcointalk and email
P.S. As I understand, administrator (theymos and Cyrus) have ability to change user email address? Why they may need to it?

For an example. What if some one loses their password but no longer has use of that old inbox to reset the password. But luckily they can prove they can sign a message from an associated BTC address.  "I am Darren at BCT Forum-07860986060869#"

There must be a mechanism for an Admin to achieve such changes. When they deem appropriate, admin is a responsible role.





legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
November 02, 2017, 09:43:22 AM
#31
I noticed this news only now. It's great, I hope it will help to reduce number of hacked accounts. From what I saw, amount of hacked accounts big in recent months. Important thing - don't use same password on Bitcointalk and email
P.S. As I understand, administrator (theymos and Cyrus) have ability to change user email address? Why they may need to it?
newbie
Activity: 56
Merit: 0
October 22, 2017, 02:24:27 PM
#30
how to do this at my end?
full member
Activity: 294
Merit: 100
October 22, 2017, 01:57:53 PM
#29
Thanks for doing this Theymos. Maybe a lot of people will complain on why these security features were applied just now. But monitoring and managing these huge community from different backgrounds to different parts of the world is really hard. So I really appreciate your hardwork here in bitcointalk and for providing us a more secure venue. I know you're doing all your best to make everything here work smoothly.
copper member
Activity: 2562
Merit: 2510
Spear the bees
October 22, 2017, 01:28:43 AM
#28
However, my question is that, if someone for example attempted to hack the account, I get a notification in my email which I took action on, how do I claim my account back? That part is not clear in any of the posts earlier.
It's clear. If your password is changed, you receive an email notification. Thus, you can reset your password via email. If however the email is changed, then you have a link to lock your account and retrieve the account.
What was unclear?

This covers all (2) scenarios when someone's account is hacked.
member
Activity: 136
Merit: 25
October 21, 2017, 12:07:44 PM
#27
Yeah, anybody with more than four brain cells knows that an email address should have something to do with account security. It shouldn't just serve as a label. Seriously
newbie
Activity: 28
Merit: 0
October 21, 2017, 11:48:36 AM
#26
"Sorry abdillahzidan, you are not allowed to post or send private messages in this forum.
You have been banned by forum moderators. You can appeal here: [email protected]."There is a notification like that on my old account But up to now there has been no response at all despite sending a mail to that address. There is an odd crosshatch with that address , but hope I just want my account can be commented again and can send personal message as before-before nya.To consideration I will include link profile and activity link
link profile; https://bitcointalksearch.org/user/abdillahzidan-1052912
https://bitcointalksearch.org/user/abdillahzidan-1052912;sa=showPosts
Thank you for all
hero member
Activity: 1330
Merit: 569
October 21, 2017, 07:26:08 AM
#25
This is something to be happy about as this increase the amount of security to the account. However, my question is that, if someone for example attempted to hack the account, I get a notification in my email which I took action on, how do I claim my account back? That part is not clear in any of the posts earlier. Also, is there a way for the source of the message to be made public so that I know before hand where the address I should receive a message from in case there is an attack, this is important not to fall for phishing mails and not to willingly give the access thinking one is denying such.
sr. member
Activity: 952
Merit: 339
invest trade and gamble wisely
October 21, 2017, 06:29:00 AM
#24
About time  Wink ...hope this can reduce amount of hacked accounts.
member
Activity: 136
Merit: 25
October 20, 2017, 09:41:23 PM
#23
I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.

Post edited. I thought there was a bug, but alas, looks like I never got the email notification when the email was changed. Now some douchebag who can't even speak English is making money spamming the forum using my identity.
member
Activity: 99
Merit: 10
October 19, 2017, 05:26:04 AM
#22
This will surely discourage most account hacking attempts, if most people are able to lock their account after a suspicious password/email change. It will probably lower the workload of Admins regarding this problem as well.

It would also be great if the recovery process would be automated somehow. As an example, being able to trigger a password reset from that same security email. Or enable a form to submit a link to a posted bitcoin address and a signed message with that address, which can be automatically verified so that the Admins don't have to do it manually.

Thanks again.
sr. member
Activity: 462
Merit: 281
dApps Development Automation Platform
October 19, 2017, 03:55:06 AM
#21
Thank you for improved security
sr. member
Activity: 560
Merit: 257
October 19, 2017, 01:10:02 AM
#20
Great work, I hope this feature will continue to exist to prevent and anticipate hacked accounts.
Thanks theymos.
full member
Activity: 378
Merit: 100
October 18, 2017, 09:34:58 PM
#19
Thank theymos,

is this email security features can request new password if we forgot it?
newbie
Activity: 1
Merit: 0
October 18, 2017, 05:51:17 PM
#18
What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?

It's on the same level as other recovery requests. So don't do it lightly. But it's better than actually allowing your account to be/remain compromised.

When you click an account-lock link, there's a paragraph explaining this.

Hello theymos,

I emailed you two days regarding my account being hacked. https://bitcointalksearch.org/user/cryptotech-397698
It looks that it was hacked on October 15th.  You can see all the activity thats taken place since its been hacked. Random post on ICO threads, airdrops, speaking in Russian, etc.  Also looks as if he has went and deleted alot of my post.  You can see my main thread for TheCryptoChat here https://bitcointalksearch.org/topic/ann-thecryptochat-real-time-chat-explorers-faucets-quick-help-more-1574268

You added this feature for the email today but can you make that work for an account that was just compromised a 3 days ago?  I would really like to get my account back if at all possible as its been my account since 2014 and most know me by my username.  If you check your email you should see an email from me on Oct. 16th the day I noticed my account was hacked.

Hope to hear from you soon. Thanks.
administrator
Activity: 5222
Merit: 13032
October 18, 2017, 01:11:49 PM
#17
What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?

It's on the same level as other recovery requests. So don't do it lightly. But it's better than actually allowing your account to be/remain compromised.

When you click an account-lock link, there's a paragraph explaining this.
copper member
Activity: 2996
Merit: 2374
October 18, 2017, 12:29:22 PM
#16
your old email will get an email about it with a link to lock your account.
What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?
member
Activity: 420
Merit: 13
October 18, 2017, 11:41:21 AM
#15
Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves?

I tried that on my hacked account. No.
sr. member
Activity: 462
Merit: 254
October 18, 2017, 11:35:11 AM
#14
admin must unlock.
and hacker can not use the account (with the new email).

Ban and Lock is not the same feature.
Ban invalidate the email, you can not use this email.

So, it's good ... Ip & email can be blacklist after.
So its still the same procedure (signed message) to get the account back (unlocked) with old email address?
legendary
Activity: 1512
Merit: 1012
October 18, 2017, 11:19:44 AM
#13
admin must unlock.
and hacker can not use the account (with the new email).

Ban and Lock is not the same feature.
Ban invalidate the email, you can not use this email.

So, it's good ... Ip & email can be blacklist after.
sr. member
Activity: 462
Merit: 254
October 18, 2017, 11:12:25 AM
#12
I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.
Hooray! This was a MUCH needed feature. Hope I can recover my hacked account in the coming days...

PS Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves?

Thanks again!

That brings me a question in mind and I don't want to try out:
What will happen, if I locked my account? Can I then reset the password via email or must admin unlock?
member
Activity: 99
Merit: 10
October 18, 2017, 11:07:28 AM
#11
I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.
Hooray! This was a MUCH needed feature. Hope I can recover my hacked account in the coming days...

PS Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves?

Thanks again!
legendary
Activity: 3318
Merit: 4606
diamond-handed zealot
October 18, 2017, 10:44:00 AM
#10
thanks theymos
sr. member
Activity: 462
Merit: 254
October 18, 2017, 10:32:12 AM
#9
Many thanks, theymos, for this new security feature. It is also good, that for changing email address no confirmation but locking link will be sent, because for some reasons it could be, that email is lost or a change for other reasons necessary.
sr. member
Activity: 336
Merit: 250
October 18, 2017, 10:10:07 AM
#8
This is a great addition to the security features of our accounts.

It will also prevent or at least lessen the number of members selling their bitcointalk account.
member
Activity: 444
Merit: 31
Still a manic miner
October 18, 2017, 09:48:06 AM
#7
i wish this was applied some days ago.. my hero account was stolen, it was "_javi_"

i pm´ed theymos but no response yet.
I cant sign a msg cause i didnt have a linked btc address. But i have a huge list of emails for the PM i got since 2014.. doesnt it prove ownership??

 if you look at _javi_ latest post, its SO obvious that it was stolen.. or i learned to write in a weird language i cant even recognize.. changed my email.. and changed avatar for "eidoo whatsoever" (get ready for the scam)
https://bitcointalksearch.org/user/javi-144120
(my last post was October 13, 2017, 04:52:58 PM)

theymos, Cyrus.. if you still read this thread.. plz take a look at my case.
full member
Activity: 308
Merit: 100
October 18, 2017, 07:31:26 AM
#6
Great thing to improve security! I hope there won't be so much hacks now. Thanks for your work!

P.S.
I've just tried it. No bugs have been spotted.
legendary
Activity: 2702
Merit: 2053
Free spirit
October 18, 2017, 07:27:56 AM
#5
Thanks Theymos this great news since we seem to be under attack a lot.




legendary
Activity: 1512
Merit: 1012
October 18, 2017, 06:54:19 AM
#4
Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account.
The link is valid for 14 days.

Verified, no problem.

email with LOCK command work great for my temporary account already banned after the successful recovery.


legendary
Activity: 1512
Merit: 1012
October 18, 2017, 06:31:13 AM
#3
Whenever your password is changed (except by an administrator), you will get an email about it.

Verified , no problem, email received if password is changed.

+logout
+login to test changed password
= no problem.

+forgot password link
+email received to reset password
+change password
= no problem.
member
Activity: 420
Merit: 13
October 17, 2017, 10:09:52 PM
#2
You should have implemented this long ago.

Too bad for me, you implement this only after my account got hacked.
My hacked Dorky account underwent both password and email change less than 14 days ago.
And the last time I check my old email inbox, I don't see any notification there.
I suppose it is now 100% gone.

Update:
So I received notification to this "Dorkie"
But I received no notification to "Dorky" when I try to recover password for this username.
The old email address used by "Dorky" is the same as I used it with this account.

Update #2:
Pissed that my Dorky account lost to this.
Nevertheless let's hope this added security notification will help to significantly reduce (if not totally eliminate) all account hacking.
It may not be able to save my "Dorky", but at least it may save many other accounts from now onward.
administrator
Activity: 5222
Merit: 13032
October 17, 2017, 09:47:10 PM
#1
I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.
Jump to: