
Topic: [Guide] Bitcointalk account security - page 2. (Read 2340 times)

F2b
hero member
Activity: 2079
Merit: 863
August 20, 2018, 08:42:30 AM
#23
Do you allow translations of this guide into other languages?
Yes go ahead for any languages except Japanese since I've started to work on it no need to duplicate the effort.
Thanks!
hero member
Activity: 536
Merit: 513
August 20, 2018, 08:40:42 AM
#22
Update: [GUIDES] on Bitcointalk. Index thread (work in progress).
When there is a child board, insubstantial topics can be Reported and moved. As an alternative: if users can't create new topics on that board, only Mods can move existing good topics, which keeps the quality high.
Thanks, looks good, this will be very useful.

Yes this is a nice index thread covering a wide range of topics.  This one https://bitcointalksearch.org/topic/overview-the-one-thread-to-link-them-all-1217042 is also useful.

I would also add in the password section that one shouldn't use the same password for multiple websites.
It was written so in the OP.

Do you allow translations of this guide into other languages?
Yes go ahead for any languages except Japanese since I've started to work on it no need to duplicate the effort.
F2b
hero member
Activity: 2079
Merit: 863
August 20, 2018, 06:32:25 AM
#21
Great guide! It brings together all the information new members and hacked members need to have. A very good summary.

Do you allow translations of this guide into other languages?
sr. member
Activity: 616
Merit: 279
August 20, 2018, 03:42:24 AM
#20
Thanks for the guide! It looks good :)

I would also add in the password section that one shouldn't use the same password for multiple websites.

This is the main issue with many of the account hacks (alongside phishing of course), there are a lot of people requesting others to sign up on their new website (bounty campaign, new coin etc) and people make the mistake of using their bitcointalk credentials or using the same password.

It is extremely easy to set up a site that only collects that information and people may unknowingly give away their credentials for a couple bucks.
member
Activity: 266
Merit: 50
August 20, 2018, 02:20:23 AM
#19
nice,
I found a good thread about the index made by xtraelv with use search "[GUIDE]", maybe you can just add a topic that isn't there yet.
https://bitcointalksearch.org/topic/index-to-popular-bitcointalk-threads-2018-4422529
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
August 20, 2018, 01:50:52 AM
#18
Actually I had the same idea of the index thread and opened it in Japanese local board collecting the links to the guide threads in Japanese board with basic FAQs for Newbies, which has been pinned and seems to be working well.  While the index thread is sufficient for Japanese local board rather than guide section as it is not so active board but for English main board I am not quite sure which option suits better.  One thing is that for index thread we could also discuss the qualities of guides using replies to the index thread so not necessarily completely depending on one person's decision.
How about I just create an index thread? I'll start working on it later today. This doesn't have to wait for a child board, and if the list gets long enough, it can be used as an argument for a child board.
Update: [GUIDES] on Bitcointalk. Index thread (work in progress).
When there is a child board, insubstantial topics can be Reported and moved. As an alternative: if users can't create new topics on that board, only Mods can move existing good topics, which keeps the quality high.
hero member
Activity: 536
Merit: 513
August 19, 2018, 08:32:26 PM
#17
<...>
Good catch, will work on them.

Great guide, man. I think now we need what Vod suggested earlier, a separate section only for guides, we have enough guides to support the suggestion.
Wouldn't a sticky thread with links be better than a child board? If one person maintains it with updated links to all new guides, the guides don't even have to be on the same board.
Perhaps. Nevertheless the way it is organized on the Italian board seems easy to find too. If only one sticky acts as an index, and is maintained by a specific user, then he/she can sort of "supervise" the guide quality/utility before adding it to the sticky post. On the other hand, the Italian solution allows for a decentralized approach, where all guides are concentrated under one child board. The downside to this is what I mentioned previously: not all guides there are good really, but anyone can add a guide to something there.

I guess that, from a quality point of view, the single user managed sticky thread would be better, but from the freedom to add a guide point of view, then the latter option is fine. One option is like an index, and the other like a directory.
Actually I had the same idea of the index thread and opened it in Japanese local board collecting the links to the guide threads in Japanese board with basic FAQs for Newbies, which has been pinned and seems to be working well.  While the index thread is sufficient for Japanese local board rather than guide section as it is not so active board but for English main board I am not quite sure which option suits better.  One thing is that for index thread we could also discuss the qualities of guides using replies to the index thread so not necessarily completely depending on one person's decision.

Thanks for making this very detailed guide about Bitcointalk account security. I hope that people will use your advice to secure their accounts. I see that you mentioned my name in your article :). Well, I'm so happy that Cyrus recovered my account so fast. But at the same time I'm feeling so sad for users who are waiting long months or years for account recovery. I can hardly imagine their feelings. Unfortunately, in recent months I haven't seen users who regained access to their accounts. It seems that admins stopped recovering accounts. But theymos said that he is making an automated account recovery system, I hope that he will release it soon and users will get a chance to get their accounts back.
You were extremely lucky and yes the recovery of the hacked/lost accounts is one of the biggest issues so I hope the guide thread will work and partially remedy the problem.
legendary
Activity: 3038
Merit: 1330
Slava Ukraini!
August 19, 2018, 05:28:17 PM
#16
Thanks for making this very detailed guide about Bitcointalk account security. I hope that people will use your advice to secure their accounts. I see that you mentioned my name in your article :). Well, I'm so happy that Cyrus recovered my account so fast. But at the same time I'm feeling so sad for users who are waiting long months or years for account recovery. I can hardly imagine their feelings. Unfortunately, in recent months I haven't seen users who regained access to their accounts. It seems that admins stopped recovering accounts. But theymos said that he is making an automated account recovery system, I hope that he will release it soon and users will get a chance to get their accounts back.
legendary
Activity: 2310
Merit: 10758
There are lies, damned lies and statistics. MTwain
August 19, 2018, 01:31:08 PM
#15
Wouldn't a sticky thread with links be better than a child board? If one person maintains it with updated links to all new guides, the guides don't even have to be on the same board.
Perhaps. Nevertheless the way it is organized on the Italian board seems easy to find too. If only one sticky acts as an index, and is maintained by a specific user, then he/she can sort of "supervise" the guide quality/utility before adding it to the sticky post. On the other hand, the Italian solution allows for a decentralized approach, where all guides are concentrated under one child board. The downside to this is what I mentioned previously: not all guides there are good really, but anyone can add a guide to something there.

I guess that, from a quality point of view, the single user managed sticky thread would be better, but from the freedom to add a guide point of view, then the latter option is fine. One option is like an index, and the other like a directory.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
August 19, 2018, 01:15:21 PM
#14
By the way, the Italian board already has a child board for guides which looks rather neat and has plenty of useful guides there: https://bitcointalk.org/index.php?board=153.0. This should be a general practice and perhaps some of the OPs of the guides could get them translated for other guide child boards alike.
Wouldn't a sticky thread with links be better than a child board? If one person maintains it with updated links to all new guides, the guides don't even have to be on the same board.
legendary
Activity: 2310
Merit: 10758
There are lies, damned lies and statistics. MTwain
August 19, 2018, 10:48:44 AM
#13
Great guide, man. I think now we need what Vod suggested earlier, a separate section only for guides, we have enough guides to support the suggestion.
Very nice guide indeed. Well done and thank you.

By the way, the Italian board already has a child board for guides which looks rather neat and has plenty of useful guides there: https://bitcointalk.org/index.php?board=153.0. This should be a general practice and perhaps some of the OPs of the guides could get them translated for other guide child boards alike.

The only drawback I’ve seen there is that not all guides are thorough, and some of them are basically a link to an external article or video. There are therefore good looking guides and vain attempts in the guide child board, but at least they are all in a single place for reference.
legendary
Activity: 2184
Merit: 3134
₿uy / $ell
August 19, 2018, 08:29:36 AM
#12
Great guide, man. I think now we need what Vod suggested earlier, a separate section only for guides, we have enough guides to support the suggestion.

hero member
Activity: 504
Merit: 732
August 19, 2018, 03:48:14 AM
#11
2. Use new email address

And don't tell anyone about it. It should be applied to that registration only - not communications nor registrations in other services.

Quote
5. Do not download untrusted softwares and keep your device clean from malware

This also concerns browser scripts and extensions.

Quote
6. Keep your device and browser updated to the latest version.

Not only browser and device. It includes:
 - all the software you use (especially related to cryptocurrencies - wallets, for example);
 - all the devices you use on a par with your computer (smartphones, tablets, routers etc.).
Some of these need extra tuning to be secure. Also some of them could be more or less secure from the start.

Quote
- Some phishing links are automatically replaced by [phishing link]

I guess you mean that [Suspicious link removed] thing.

Quote
- Before clicking the link, make sure its true URL.  Some browsers show URL when you mouse over the link

You can always see the URL in the status bar while hovering the link (it usually is displayed somewhere at the bottom of the window).

Quote
- The link to bitcointalk.org internal webpage will be shown by green when you mouse over, whereas the link to an external sites will remain blue

It seems that it doesn't work for some links with anchors (see some of the links in your original post for example).

Quote
- There is a way to prevent your computer to access the phishing site by editing hosts file.

Mind the viruses. Viruses also can change your hosts file. They even can change the DNS in your router to achieve the same effect.

Quote
Accounts will be locked if

I consider it to be a little different here (though I didn't yet receive the whole picture).

Quote
Bump is allowed for each 24 hours

And old bumps should be deleted (according to p.21 of the forum rules).
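
The hosts-file remark in the post above (an entry can block a phishing site, but malware can also rewrite the file) can be checked mechanically. This is an added example, not part of the original post: `PROTECTED`, the sample file contents and the finding labels are assumptions, and the addresses come from documentation ranges.

```python
import ipaddress

# Assumption: names that should always resolve through normal DNS.
PROTECTED = {"bitcointalk.org", "www.bitcointalk.org"}

# Constructed sample hosts file; line 4 imitates a malicious override.
SAMPLE = "\n".join([
    "127.0.0.1    localhost",
    "::1          localhost",
    "0.0.0.0      phishing-example.invalid   # blocked on purpose",
    "203.0.113.10 bitcointalk.org www.bitcointalk.org",
    "192.168.1.50 printer.lan",
])


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the line
        for name in fields[1:]:  # one line may map several names
            yield no, ip, name.lower().rstrip(".")


def audit_hosts(text, protected=PROTECTED):
    """Return entries a user should review.

    Sinkhole entries (loopback or 0.0.0.0) for other names are the
    blocking technique itself and are not reported.
    """
    findings = []
    for no, ip, name in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        if name in protected:
            findings.append((no, name, str(ip), "protected-host-overridden"))
        elif not sinkhole:
            findings.append((no, name, str(ip), "custom-mapping"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On a real machine, pass the contents of the system hosts file instead of `SAMPLE`; the router DNS change mentioned in the same post is outside what this check can see.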
hero member
Activity: 1643
Merit: 683
LoyceV on the road. Or couch.
August 19, 2018, 03:38:23 AM
#10
Related to the password manager, I was wondering if anyone is using physical security keys?  Google started requiring employees to use physical security keys and neutralized phishing.  KeePass has portable version so LoyceV are you using it by installing it in e.g. USB drive?
No, I don't use physical keys.
hero member
Activity: 536
Merit: 513
August 19, 2018, 01:13:38 AM
#9
Thanks guys for corrections and feedback, will revise OP.

Did you mean this:
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)

Theymos is smart :D Fake links work in preview, but get fixed when posted.

However, a homograph attack can still be used to create a fake link:
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)

Right I checked it in preview but in the post it was replaced with the real link.  The homograph attack is also an interesting one, seems like o is the Cyrillic letter.

I have a text file with all the passwords I use for my web accounts.
That's very insecure! You should seriously consider getting a password manager. I use KeePassX on Linux (for Windows it's called KeePass), but there are other options too. It's worth the time to set it up once, and add all new passwords in the future.
See for instance The Five Best Password Managers.

Related to the password manager, I was wondering if anyone is using physical security keys?  Google started requiring employees to use physical security keys and neutralized phishing.  KeePass has portable version so LoyceV are you using it by installing it in e.g. USB drive?

Very useful, thanks. Glad to read those 'Recent successful cases of recovery' it gives us (the hacked victims) some sort of hope / relief.

That's one of the ideas, hope you will be also listed there eventually.

Quote
By the way, I would like to mention some other useful general security tips:
<...>

Thanks for tips, actually I was wondering why your account was hacked since you did these security measures?  If you have somehow identified the reason why your account was hacked and potential loophole of the above strategies that would be worthwhile to share.
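
The homograph link discussed in the post above (a Cyrillic letter standing in for a Latin "o") can be detected before clicking by looking at the hostname's scripts and its ASCII (punycode) form. This is an added example, not part of the original post: the `TRUSTED` set, the small `CONFUSABLES` table and the sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed subset of Cyrillic/Greek look-alikes for Latin letters;
# the full table is the Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o",
}
TRUSTED = {"bitcointalk.org"}  # assumption: hosts the reader means to visit


def script_of(ch):
    """Rough script tag: first word of the character's Unicode name."""
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def to_unicode(host):
    """Decode xn-- (punycode) labels so both spellings are analysed alike."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not decodable: analyse as given


def check_link(url):
    host = to_unicode(urlsplit(url).hostname or "")
    scripts = sorted({script_of(c) for c in host if c.isalpha()})
    # A label that mixes scripts is suspicious even for unknown sites.
    mixed = any(len({script_of(c) for c in label if c.isalpha()}) > 1
                for label in host.split("."))
    skeleton = "".join(CONFUSABLES.get(c, c) for c in host)
    try:
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None
    if host in TRUSTED:
        verdict = "trusted"
    elif skeleton in TRUSTED:
        verdict = "homograph-of-trusted"
    elif mixed:
        verdict = "mixed-script"
    else:
        verdict = "external"
    return {"host": host, "ascii_form": ascii_form,
            "scripts": scripts, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample: the second URL uses U+043E in place of Latin "o".
    for url in ("https://bitcointalk.org/", "https://bitc\u043eintalk.org/",
                "https://www.google.com/"):
        print(check_link(url))
```

The `ascii_form` field is what a browser shows when it refuses to render a mixed-script name, so an address bar starting with `xn--` on a familiar-looking link is the visible sign of this trick.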
sr. member
Activity: 728
Merit: 265
August 19, 2018, 12:29:56 AM
#8
Reserved.
Feedback, corrections (if any), and/or more information that you wish to be added are welcome.
Correct the spelling on the table of contents it should be "Basics" not "Basis". So far, this thread is worth reading. +1
jr. member
Activity: 55
Merit: 15
August 18, 2018, 07:08:40 PM
#7
Very useful, thanks. Glad to read those 'Recent successful cases of recovery' it gives us (the hacked victims) some sort of hope / relief.
 
By the way, I would like to mention some other useful general security tips:
 
 
  • 1- Using multiple web-browsers on the same machine for different purposes (chrome, waterfox, opera, safari, brave, etc.) For example: one for social media purposes, another for banking / crypto, another one for surfing / researching, other for entertainment and so on. Also make sure to configure them properly installing useful add-ons. Like the following:
  • 1.1- Password manager Add-ons like LastPass or KeePass are essential both for storing + generating random combinations of characters, just make sure to setup 2FA as well as never losing access to the associated email.
  • 1.2- Ad-blockers will censor most of the annoying ads including scams / phishing pop-ups. uBlock Origin is the best.
  • 1.3- Disconnect add-on is great for saving time + bandwidth by blocking 3rd party scripts used for social media metrics, advertising, analytics, etc. Also enhances privacy.
  • 1.4- Privacy Badger add-on blocks all those undesirable trackers that let others monitor your activity.
  • 1.5- EtherAddressLookup is a must for crypto enthusiasts, it performs an automated address lookup as well as warns you against blacklisted domains. It protects you against phishing / losing money.
  • 1.6- Running proxy scripts on your browsers is highly recommended because it hides your real IP from websites by sending fake headers with anonymous IP addresses. It is easy to set up and gives you peace of mind.
  • 1.7- Finally replace your default search engine Google with a more reliable one like Duckduckgo.com. It is private & simplified without Ads fighting to be on top of the results. You will less likely fall into fake sites, with a plus of a more personalized experience. Highly recommended doing this switch.
  • 2- Using a VPN (paid or free) in order to prevent man-in-the-middle attacks, especially if your connection is wifi and you carry a laptop, also to prevent / bypass government censorship. There are a lot of services worth trying, just pick one that doesn't keep user logs + accepts crypto as payment. Also keep in mind that the free ones are great but much slower: ultrasurf.us & riseup.net
  • 3- Incorporate the habit of changing your passwords more often, let's say 6 months minimum to 1-2 years max.
  • 4- Make backups more often, or make it automated. Be prepared to deal with data-loss and ransomware. Also always keep your sensitive data offline to prevent identity theft.
copper member
Activity: 630
Merit: 420
We are Bitcoin!
August 18, 2018, 04:42:13 PM
#6
That's very insecure!
I am the only one who uses my laptop, yes I understand other possible factors too.


Quote
You should seriously consider getting a password manager. I use KeePassX on Linux (for Windows it's called KeePass), but there are other options too. It's worth the time to set it up once, and add all new passwords in the future.
See for instance The Five Best Password Managers.
That's what I need.

Thanks mate. I never had this in mind. I will check it tomorrow early morning.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
August 18, 2018, 03:39:53 PM
#5
I have a text file with all the passwords I use for my web accounts.
That's very insecure! You should seriously consider getting a password manager. I use KeePassX on Linux (for Windows it's called KeePass), but there are other options too. It's worth the time to set it up once, and add all new passwords in the future.
See for instance The Five Best Password Managers.

Quote
I wouldn't trust a website for this. My password manager does this for me.
copper member
Activity: 630
Merit: 420
We are Bitcoin!
August 18, 2018, 03:27:23 PM
#4
4. You could set a secret question and its answer for password reset.  Once you set the secret question option you cannot disable it, so before setting it, learn its pros and cons.  For more details, see Tips below and Change password and email / Forgot password.
Actually you can.
Profile > Account Related Settings >
Remove anything you have on the Secret Question field
Remove anything you have on the Answer field
Then update the profile. I have done it before when I realized that account recovery using secret question feature will lock your account. So, there is no use of it, in fact extra risky.



Oops! LoyceV already has it :P

- For password, do not use dictionary words, your birth date, pets’ name, phone number, ....
https://passwordsgenerator.net is very helpful.

Quote
Tips for 4: Secret question

- There are several important things to know about the secret question feature.  

1) Once you set the secret question you cannot disable the feature.

2) There is no email verification process, so most likely the secret question option increases the risk of your account being hacked or locked.  

3) If password reset via secret question is used, your account will be locked, and you need to follow Unlock your account process.  If the account is under your control, this feature is a drawback
I hope you are working on it since information about secret questions is wrong.

Quote
3) Password reset via secret question.
Don't, account will be locked.

Quote
Tips for 3) "Secret question":
You really need to update this section.

Quote
3) you login after a long period of inactivity.
I doubt it if it's not related to 2015 hack.


Anyway read the whole post and you just need to fix everything that is related to secret question other than that well done!