GLBSE2.0 is nothing close to solid. All you need now to get access to someone’s account is their e-mail address and password. That is it!
What is not solid about that? Take care of your passwords and make them secure enough with something like KeePass. Most users on most Bitcoin exchanges have the same kind of protection.
You can take your password and encrypt it exactly like you encrypted your private key if you want.
I agree though that a 2nd auth with your phone would be preferable here, but I don’t think your topic’s title is appropriate, because yes, having a PW is safe if you can take care of it.
Much more concerning is the question whether GLBSE now has any exploitable vulnerabilities etc., I would really like to see Patrick Strateman (from Intersango, where Nefario works too) do some penetration testing like he did with other exchanges if it hasn’t yet happened.
I can keep my password safe but he forced me to use an account that was not safe. To get the password to that account all you need to know is what city I was born in. Had I known that this feature would be implemented, I would never have used that e-mail address. Hell, I doubt I would have even signed up.
What do you think the title of this thread should be? I am open to changing it if you have a better idea.
Just pm Nefario and ask him to change your email address? Why this drama?
The drama is because I've locked his account and asked for ID verification.
His reply:
I had also told him about a policy I'd like to implement, reducing the number of assets a single account/person can create, although I think that can wait until another time, certainly until this gets sorted out.
I'll unlock it as soon as he provides this information.
GLBSE2.0 is nothing close to solid. All you need now to get access to someone’s account is their e-mail address and password. That is it!
This is complete rubbish, Chaang is using Gmail, which itself uses two factor authentication, and is as secure as any internet connected system available. Its weaknesses are the users, their choice of password (password strength) and whether they re-use that password.
A strong, single use password is as good as it gets without adding two factor authentication (something I'm researching).
Keeping in mind that all other exchanges and most other websites do the same, username/password, account recovery through email, GLBSE2.0 is not exceptionally more or less secure.
I'm a very reasonable person, and I find it unsettling how quickly this has been splashed across several threads on the forums, about 5 hours after I emailed him asking (asking, not demanding) for proof of identity, in a clear attempt to pressure me to unlock his account.
Nefario