[Guide] Bitcointalk account security

sncc

hero member

Activity: 536

Merit: 513

Quote from: DdmrDdmr on December 27, 2018, 10:44:07 AM

Hi @sncc. I was wondering if you are planning to revise and adapt the content of your guide is sight of the resent procedure change, announced yesterday:
Recovering hacked/lost accounts.
Account recoveries are moving again.

Note: if you do, the forum recovery email changes over time, and @theymos indicated that it would be better to refer to the OP to retrieve the contact email each time: re:Account recoveries are moving again.

Yes I was editing the OP, you were quick! For now I added a note with links and eventually plan to revise the OP more when I have sufficient time. Anyhow this is a good news for people whose accounts were hacked or locked.

DdmrDdmr

legendary

Activity: 2240

Merit: 10532

There are lies, damned lies and statistics. MTwain

Quote from: ?? on ??

Bump.

Hi @sncc. I was wondering if you are planning to revise and adapt the content of your guide is sight of the resent procedure change, announced yesterday:
Recovering hacked/lost accounts.
Account recoveries are moving again.

Note: if you do, the forum recovery email changes over time, and @theymos indicated that it would be better to refer to the OP to retrieve the contact email each time: re:Account recoveries are moving again.

sncc

hero member

Activity: 536

Merit: 513

Quote from: DdmrDdmr on November 18, 2018, 01:34:35 PM

<...>

Good point, it is worthwhile to emphasize it. Added in the OP.

Quote

- Untrusted softwares include Bitcointalk unofficial apps, whose security is not guaranteed by the forum and in principle they can steal the password of your account.

DdmrDdmr

legendary

Activity: 2240

Merit: 10532

There are lies, damned lies and statistics. MTwain

Perhaps it would be interesting to add a warning in the OP in relation to Bitcointalk non-official apps that can be found either being promoted on this same forum, or on some online app stores such as Google Play. These apps are of potential high risk to one’s account credentials.

sncc

hero member

Activity: 536

Merit: 513

Quote from: LoyceV on October 06, 2018, 09:00:13 AM

All homograph attacks should be automatically replaced on all non-local boards. This means fake links can still be posted in (for instance) a Russian thread.

Good to know that, at least in the non-local board we do not have the issue. However non-Cyrillic characters like

ą ç í î ị ň ṇ ö ó ọ ú

are not replaced and one needs to be careful about it. They are actually different characters but still could be used for a similar kind of attack like the Binance phishing website, they are less dangerous than the previous ones though. For example,

True https://bitcointalk.org/
Fake https://bitcoiṇtalk.org/ (link to google.com)

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: sncc on October 06, 2018, 03:09:35 AM

Now it seems that
- (some?) homograph attacks are automatically replaced, and
- fake link is automatically replaced

All homograph attacks should be automatically replaced on all non-local boards. This means fake links can still be posted in (for instance) a Russian thread.

sncc

hero member

Activity: 536

Merit: 513

Quote from: LoyceV on August 18, 2018, 01:47:17 PM

Quote from: sncc on August 18, 2018, 10:46:13 AM

True https://bitcointalk.org/
Fake https://www.google.com/ (link to google.com)

Did you mean this:
True https://bitcointalk.org/
Fake https://www.google.com/ (link to google.com)
Theymos is smart Cheesy

Fake links work in preview, but get fixed when posted.

However, a homograph attack can still be used to create a fake link:
True https://bitcointalk.org/
Fake https://www.google.com/ (link to google.com)

Now it seems that
- (some?) homograph attacks are automatically replaced, and
- fake link is automatically replaced

Quote from: peter0425 on September 23, 2018, 05:01:41 PM

Hi,

I was able to recover my account as well here: https://bitcointalksearch.org/topic/peter0425-account-hacked-4497259
The method I used was similar to Swenna (probably the same hacker) but prior to him/her spilling the beans.. I just didn't put in Meta how I recovered my account because I don't want the hacker/s to have a idea how I did it. But since Swenna reveal the method, (she/he did it in good faith though),I confirmed that its the step I took to get back my account, just saying.

Yes I was aware of your story. It is a difficult issue whether the method should be disclosed or not, as the hackers will notice it as well. Added a note to the OP.

Quote from: hotforblockchain on October 05, 2018, 06:04:33 AM

Quote from: Welsh on August 30, 2018, 06:32:56 AM

Quote from: hotforblockchain on August 30, 2018, 06:21:52 AM

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.

Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

I wouldn't also , if i have to I make new email to register with them.
I think that warning about this should be included in original post, since a lot of users do not know this or just haven't thought about this problem.

I think it is a little bit off-topic as it is not related to the security of the Bitcointalk account. Also, the collection of email addresses and personal data always happens for any kind of registration, not only bounties. Focusing on the registration of Bitcointalk, the OP already recommended to use new email address. Having said that I understand your concern and added a remark as a related topic.

hotforblockchain

member

Activity: 266

Merit: 26

Quote from: Welsh on August 30, 2018, 06:32:56 AM

Quote from: hotforblockchain on August 30, 2018, 06:21:52 AM

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.

Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

I wouldn't also , if i have to I make new email to register with them.
I think that warning about this should be included in original post, since a lot of users do not know this or just haven't thought about this problem.

peter0425

sr. member

Activity: 2618

Merit: 439

Hi,

I was able to recover my account as well here: https://bitcointalksearch.org/topic/peter0425-account-hacked-4497259
The method I used was similar to Swenna (probably the same hacker) but prior to him/her spilling the beans.. I just didn't put in Meta how I recovered my account because I don't want the hacker/s to have a idea how I did it. But since Swenna reveal the method, (she/he did it in good faith though),I confirmed that its the step I took to get back my account, just saying.

Welsh

staff

Activity: 3248

Merit: 4110

Quote from: hotforblockchain on August 30, 2018, 06:21:52 AM

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.

This has happened in the past, and continues to happen today. These bounties are an easy way to collect data, because people are willing to put in anything for the promise of free coins. There's been numerous fake bounties in an attempt to farm user details from native users signing up to everything, and anything.

Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

hotforblockchain

member

Activity: 266

Merit: 26

I just recently came across a possible security problem in this forum which seems not to be mentioned here and i believe should be.

Do not give out your frequently used email address to bounty managers , there are a lot managers who do not protect email addresses which they collect during bounty and they can be easily copied.

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.

sncc

hero member

Activity: 536

Merit: 513

Quote from: athanz88 on August 26, 2018, 10:11:59 AM

Thanks for a great guide and yes, it should be on sticky threads i guess, and it will be great if it can be on every local board too.

As the account security is fundamental and important thing, it would be good to have more exposure. I would appreciate if this thread is in the stickies and translated into other languages.

Quote from: athanz88 on August 26, 2018, 10:11:59 AM

By the way, mind if i translate it for my local board??

Sure feel free to translate this thread.

Quote from: LoyceV on August 26, 2018, 10:38:21 AM

Although I appreciate the endorsements, I don't think it's very likely for a user to go from "foot soldier" to Admin Cheesy

You deserve the position, we'll see

Quote from: mapuche33 on August 27, 2018, 01:18:04 PM

Honestly I'm not sure, I cannot recall if I was victim of phishing by making click on some URL posted on the forum. However, I remember using the search engine of btctalk days before being hacked (which asked me to login). Fake site bitcointalk.to I don't think so because I never remember my credentials so password-managers take care of it.

I think it is normal that forum search requires you to login. It should have not been a phishing site.

Quote from: mapuche33 on August 27, 2018, 01:18:04 PM

I always use different user names & random passwords on each site, also have several emails for different uses. The only thing that I regret is that my password wasn't that strong (12 characters) and after the 2015 data breach I changed the password by just adding a symbol. Also I should have done the homework of regularly changing all my password on January of this year but I didn't.
Even though, I still blame Admins because it could have been prevented just by being proactive.

It might have been a combination of data breach and brute force hacking if you added a symbol to the old password. I think now we really need to be careful about the protection of our accounts.

mapuche33

jr. member

Activity: 55

Merit: 15

Quote from: sncc on August 19, 2018, 01:13:38 AM

Thanks for tips, actually I was wondering why your account was hacked since you did these security measures? If you have somehow identify the reason why your account was hacked and potential loophole of the above strategies that would be worthwhile to share.

Honestly I'm not sure, I cannot recall if I was victim of phishing by making click on some URL posted on the forum. However, I remember using the search engine of btctalk days before being hacked (which asked me to login). Fake site bitcointalk.to I don't think so because I never remember my credentials so password-managers take care of it.
I always use different user names & random passwords on each site, also have several emails for different uses. The only thing that I regret is that my password wasn't that strong (12 characters) and after the 2015 data breach I changed the password by just adding a symbol. Also I should have done the homework of regularly changing all my password on January of this year but I didn't.
Even though, I still blame Admins because it could have been prevented just by being proactive.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Although I appreciate the endorsements, I don't think it's very likely for a user to go from "foot soldier" to Admin Cheesy

athanz88

sr. member

Activity: 476

Merit: 359

Quote from: sncc on August 25, 2018, 11:35:01 AM

Quote from: TheBeardedBaby on August 22, 2018, 05:39:02 AM

I think this should be in the stickies, for better exposure. Wonder why it's not there yet.

It would be useful as the account security is a fundamental issue of the forum....

Thanks for a great guide and yes, it should be on sticky threads i guess, and it will be great if it can be on every local board too.

Quote from: sncc on August 25, 2018, 11:35:01 AM

Quote from: Welsh on August 22, 2018, 03:54:08 PM

Theymos mentioned ....

hilariousandco would be one the most natural candidates....

I support hillariousandco and LoyceV to be one of the authority person to do some account recovery task. They are one of the oldest and best member in here and is active in Meta and want to spare their time for the sake of the forum. I believe there are more members like that but they are the most members i have seen since the day i joined the forum.

By the way, mind if i translate it for my local board??

sncc

hero member

Activity: 536

Merit: 513

Quote from: TheBeardedBaby on August 22, 2018, 05:39:02 AM

I think this should be in the stickies, for better exposure. Wonder why it's not there yet.

It would be useful as the account security is a fundamental issue of the forum. Even if it is not going to be in the stickies, I plan to continue to bump the thread and hope more forum members become aware of how to improve their account security.

Quote from: Welsh on August 22, 2018, 03:54:08 PM

Theymos mentioned recently that he's not complete opposed to delegating more responsibilities onto others for account recoveries. I imagine he would have to make sure that they were capable of it, but I'm sure hilariousandco and the like would be more than capable of it.

hilariousandco would be one the most natural candidates. He already has a permission to unlock accounts as well. I am sure LoyceV is also capable of it as he has been helping recovery of hacked accounts and made key contributions for several cases to be resolved.

Welsh

staff

Activity: 3248

Merit: 4110

Theymos mentioned recently that he's not complete opposed to delegating more responsibilities onto others for account recoveries. I imagine he would have to make sure that they were capable of it, but I'm sure hilariousandco and the like would be more than capable of it.

TheBeardedBaby

legendary

Activity: 2184

Merit: 3134

₿uy / $ell

Quote from: sncc on August 22, 2018, 05:27:01 AM

Bump. Still see many accounts are hacked, hope more users learn the security.

I think this should be in the stickies, for better exposure. Wonder why it's not there yet.

sry, hilarious I could't resist it..

sncc

hero member

Activity: 536

Merit: 513

Bump. Still see many accounts are hacked, hope more users learn the security.

jointherevolution

jr. member

Activity: 229

Merit: 3

EndChain - Complete Logistical Solution

Thanks for taking time to put together this guide. I obtained some tips to make my password stronger from this.

Topic: [Guide] Bitcointalk account security (Read 2337 times)