
Topic: How I almost lost my account. (Read 287 times)

legendary
Activity: 2604
Merit: 2353
June 06, 2024, 05:37:50 PM
#24
Besides that, you could have set a secret question first, you wouldn't need to remember your throwaway address.
Quote
Secret Question:
To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.
Answer:
Choose carefully, you wouldn't want someone guessing your answer!
https://bitcointalk.org/index.php?action=profile;sa=account
Secret question will trigger an account lock for security reasons; it does not help you to recover your account or password.

This feature was disabled after a forum hack (server compromise) in 2015.
On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT
You are kidding me, dude? You are talking about an event that happened almost ten years ago and quoting posts from the same period. I hope everything is back to normal ten years later. If a user created his account after the 2015 hack, how could hackers have taken his secret question when his account didn't exist? It's not possible. So I guess what's written is true: "It's like a second password."
member
Activity: 112
Merit: 41
June 04, 2024, 03:17:51 PM
#23
Why would you use a throwaway email address? Don't you know that whoever is running the throwaway email server can get all the messages that the forum sends you?

Apart from that, anonymous email signup services like SimpleLogin and Passmail (Proton Pass) completely cover all the benefits of these throwaway email addresses, minus the risk of losing access to email reset.
If I am to be true to myself, I didn’t dig deep into what risk I stood to incur by using a throwaway email address, and that’s entirely my fault; I am owning that. It wasn’t the original plan and it only became an option after I had tried using my functional email to create an account and the evil IP thing came up. My next try failed to accept the previous email as it had been used, and so the throwaway email became an option. I felt I could change it as time goes and that turned into procrastination, coupled with the fact that I was still getting used to the forum.
It only dawned on me after the incident of a forgotten password and good enough, it wasn’t too late to think and rethink to come up with the combination and make necessary adjustments.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
June 04, 2024, 03:19:00 AM
#22
Why would you use a throwaway email address? Don't you know that whoever is running the throwaway email server can get all the messages that the forum sends you?

Apart from that, anonymous email signup services like SimpleLogin and Passmail (Proton Pass) completely cover all the benefits of these throwaway email addresses, minus the risk of losing access to email reset.
sr. member
Activity: 602
Merit: 387
Rollbit is for you. Take $RLB token!
June 03, 2024, 09:06:59 PM
#21
Besides that, you could have set a secret question first, you wouldn't need to remember your throwaway address.
Quote
Secret Question:
To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.
Answer:
Choose carefully, you wouldn't want someone guessing your answer!
https://bitcointalk.org/index.php?action=profile;sa=account
Secret question will trigger an account lock for security reasons; it does not help you to recover your account or password.

This feature was disabled after a forum hack (server compromise) in 2015.
On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT
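
Added example (not part of the thread or the forum's code): the quoted 2015 notice says secret answers were stored as "a basic (not brute-force-resistant) hash". The sketch below contrasts an unsalted single-round SHA-256, assumed here as a stand-in because the notice does not name the algorithm, with a salted PBKDF2 record; the account names, answers and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
import unicodedata
from collections import defaultdict

# Assumed work factor for this example; tune it to your own hardware budget.
PBKDF2_ITERATIONS = 200_000


def normalize(answer):
    """Fold case, Unicode form and spacing so 'Rex ' and 'rex' compare equal."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def basic_hash(answer):
    """Stand-in for a 'basic' hash: unsalted, one fast round (assumption)."""
    return hashlib.sha256(normalize(answer)).hexdigest()


def slow_record(answer, salt=None):
    """Per-user random salt plus an iterated KDF; returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(answer, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_record(answer, salt)[1], key)


def shared_values(column):
    """Group accounts whose stored value is identical, as a leaked table would show."""
    groups = defaultdict(list)
    for user, value in column.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample data: two users picked the same pet name.
ANSWERS = {"alice": "Rex", "bob": " rex", "carol": "Blue Mountain 1987"}


def demo():
    """Return the groups of equal stored values under each storage scheme."""
    basic = {u: basic_hash(a) for u, a in ANSWERS.items()}
    slow = {u: slow_record(a) for u, a in ANSWERS.items()}
    return shared_values(basic), shared_values(slow)


if __name__ == "__main__":
    leaked_basic, leaked_slow = demo()
    print("accounts with identical stored value (basic hash):", leaked_basic)
    print("accounts with identical stored value (salted PBKDF2):", leaked_slow)
```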
member
Activity: 112
Merit: 41
June 03, 2024, 08:19:52 PM
#20
Apart from the advice given above, it is also very advisable to post your PGP public address so, if you lose access to your account or you are impersonated, you can prove that you are the rightful owner of the account by simply signing a message.

We cannot expect it from the average newbie, I'm afraid, but as you rank up and learn more and more there is a moment when you learn to do that. Hopefully, not too late...
I'm doing my best to be above an average newbie, lol!

I have successfully signed a Bitcoin address as an added safety measure on my account. I'll update that in the OP too so the rest of you could verify with me.
legendary
Activity: 2604
Merit: 2353
June 01, 2024, 03:00:17 PM
#19
Why haven't you used an alias service for your email address instead of using a throwaway email box? I don't understand. Using disposable email addresses is dangerous because even when they allow you to set a password it's usually temporary and one day it can be reset and your address will become available to anyone. In addition, domains can become unavailable and any attached address can disappear without any possibility to access it again. For the password it's better to use a password manager; nowadays almost all browsers offer a safe one. And if you add two-factor authentication, you can store your password almost anywhere since it becomes only one part of your way to log in.
Besides that, you could have set a secret question first, you wouldn't need to remember your throwaway address.
Quote
Secret Question:
To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.
Answer:
Choose carefully, you wouldn't want someone guessing your answer!
https://bitcointalk.org/index.php?action=profile;sa=account
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
June 01, 2024, 01:38:53 PM
#18
An important step is to enable 2FA to further secure your Bitcointalk account login. I don't know how many users already enabled 2FA for their account here, but frankly why wouldn't you want to do it?

In addition as mentioned earlier, you can stake your PGP public address and/or stake a Bitcoin address and sign a message to prove you control the private key of that address. Both will make account recovery a lot easier and possible at all, should your account ever be compromised or lost.
legendary
Activity: 1820
Merit: 2162
The Alliance Of Bitcointalk Translators - ENG>SPA
May 29, 2024, 10:08:37 AM
#17
And, with the stats of the OP, it would've been a loss, but imagine if that happened to a Legendary...

Apart from the advice given above, it is also very advisable to post your PGP public address so, if you lose access to your account or you are impersonated, you can prove that you are the rightful owner of the account by simply signing a message.

We cannot expect it from the average newbie, I'm afraid, but as you rank up and learn more and more there is a moment when you learn to do that. Hopefully, not too late...
member
Activity: 238
Merit: 35
★Bitvest.io★ Play Plinko or Invest
May 29, 2024, 09:55:38 AM
#16
The OP's deep explanation of why the post was created shows how some take certain things so common and later begin to see the benefits or course of getting those things they misplaced as a result of negligence. Security and the keeping of details is very important no matter what that document may look like; what you neglect can be of help, and one must have a means of securing important documents, not just online but by manual means.
full member
Activity: 1190
Merit: 126
★Bitvest.io★ Play Plinko or Invest!
May 29, 2024, 08:08:30 AM
#15
I guess you have learned a lesson from this ignorance of yours, which almost made you lose your account because you failed to take time to study the forum very well to understand some of the things that will keep your details in a safe place.

Now you have recovered your account, I believe you will avoid anything that will put your account in danger, and you need to concentrate on the rules and quality posts so that you will improve in that aspect.

Assume you hadn't written all those things down; it would have been difficult for you to recover your details, because there are some newbies that lost their accounts to scammers because they displayed their details and they didn't write down their details.
legendary
Activity: 1526
Merit: 1359
May 26, 2024, 02:45:04 PM
#14
So to make a long story short, you used a throwaway email address to register, chose a password at random that you did not write down anywhere and later forgot it, and on top of that, had no recovery method like a staked Bitcoin address? Well, I don't know what to say other than... lesson learned the hard way, I hope.

But this is the part that really intrigued me:

At this point, I was completely exhausted and had to take some rest, it was already 14 O'clock. I later woke up,
~

Do you usually go to sleep at 2 pm? How old are you, if I may ask?
hero member
Activity: 686
Merit: 987
Give all before death
May 26, 2024, 02:17:07 PM
#13
What have I done to avert this:
1. Create and have a proper mail address to the account.
2. Create a strong password combination.
3. Writing down my important detail to keep it safely.

What I am yet to do but find very necessary and would do:
1. Generate, sign and stake a Bitcoin address to this account.
Everything you have listed is valid. The human brain can malfunction at any time, so we need to have a backup. Writing down your email and password on paper and keeping them safe is also ideal.

I would say all mistakes you did are stupid mistakes, so it will not be a concern to other users.
I don't see it as a stupid mistake. Most members never thought they would be in this forum for this long. I have joined many forums where I lost interest quickly and never became active. Some persons just choose a random email and password to access the forum but don't have any interest in staying at first. Maybe they began to enjoy the forum and decided to stay but forgot to change these important details.
sr. member
Activity: 1232
Merit: 475
#SWGT CERTIK Audited
May 26, 2024, 01:12:59 PM
#12
So you did not have access to your email, that's why you were not able to receive OTP to forget the password? Or in order to reset the password you have to talk with admins? Actually, I never faced this situation, I have written my password somewhere safe, but if the case is that you have to contact admins or support to reset the password, then it's a time-taking thing. Who would want that? I thought the procedure would be like this: we give a recovery mail, we receive an OTP, input it, and can set a new password.

Correct me if it's the case. I don't know, that's why I asked. Besides, your story is a big lesson for all of us; besides taking the proper action you have aforementioned, we should also stake our account here as well, in case we lose access to our accounts.
hero member
Activity: 644
Merit: 661
- Jay -
May 25, 2024, 09:06:15 AM
#11
Good thing you have gotten your account back and also good you have made a note to stake a signed address. That is the ultimate account recovery tool, it also validates changes in email address and password so no one would suspect that the ownership of an account has changed hands.

- Jay -
member
Activity: 112
Merit: 41
May 25, 2024, 08:43:26 AM
#10
I also can add another one stupid mistake, I forget my login details and I didn't have any back up, then I sold my device.

So I advise you have a password backup book, diary etc where you can write most things down in a book and not just one maybe two at least in case one gets missing which is not supposed to happen but that other will remain.
A better way you can buy steel plate or anything that can resist against fire, corrosion etc just like you back up your seed phrase.
For real? That must have hurt so badly.
So how did you manage to get your account back, or it isn't this account you're referring to, the referred account is gone for good?

And why didn't you change that sometime after your registration? Anyway, the good thing is that you have your account, and I see that you've now changed your email, so I'm guessing you're safe from it happening again.

Unless this was all a sob story excuse to change email because you sold your account! Haha, I'm joking.
I wouldn't say I have had the thought of changing my password. The thought has crossed my mind once or twice but, I didn't know where to look at the time but, it didn't take long to find though but for no particular reason, I allowed it. Only to be reminded by its necessity with this forgetfulness.

Sold!!! Good joke man, good joke.
Just to think of it, how is that a thing and how can someone sit back and watch his or her built reputation on an account be destroyed by a new owner, using it for all the wrong reasons because of some dollars. Just how much would that be valued anyway!
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
May 25, 2024, 08:37:25 AM
#9
It is scary to think about, because if someone is able to get your one major password, they will have access to all your passwords.
It's not a foolproof setup ofc but IMO it's still better than getting locked up/resetting frequently.. Especially, if you're like me who has hundreds of accounts I don't use everyday lol

However, if you tend to slack on your personal cyber security then it'll come and bite you lol. Keepass for instance stores the database in your device hence you need to keep it clean at all times. A good tip would be to compartmentalize risky stuff to non-risky stuff e.g. get a device that doesn't connect to internet or at least don't do risky stuff on the same device you do important stuff.

I would also suggest enabling 2FA whenever possible so you have a second layer of protection. However, you must keep it in a separate device to maximize security. In a sense, this is also compartmentalizing -- if the device where your password manager gets compromised, your 2fa is likely to be fine as it is in a separate device/environment.

I don't encourage saving passwords with third parties like this because it's more risky than it being lost in your hands than to some kind of hackers.

Have you thought of what happened to LastPass? That's just to tell you that none is safe except your own personal backup.
Note that KeePass is FOSS that stores data locally and encrypted -- on your device. LastPass on the other hand stores them in the cloud, hence the data leaks weren't surprising to me. I wouldn't trust a stranger to hold such important data either.
hero member
Activity: 1582
Merit: 758
May 25, 2024, 01:33:31 AM
#8
Good thing you were able to log back in to your account; losing it and not having a way to recover it would suck, and if you hadn't staked your Bitcoin address, it would practically be impossible. I still don't understand why you used a temporary email address, though. I get it not to use your main address, which may also include your name on it, but a completely temporary address you'll never be able to access again is a little careless. And why didn't you change that sometime after your registration? Anyway, the good thing is that you have your account, and I see that you've now changed your email, so I'm guessing you're safe from it happening again.

Unless this was all a sob story excuse to change email because you sold your account! Haha, I'm joking.
hero member
Activity: 728
Merit: 612
May 25, 2024, 01:08:00 AM
#7
I would say all mistakes you did are stupid mistakes, so it will not be a concern to other users.

I also can add another one stupid mistake, I forget my login details and I didn't have any back up, then I sold my device.

So I advise you have a password backup book, diary etc where you can write most things down in a book and not just one maybe two at least in case one gets missing which is not supposed to happen but that other will remain.
A better way you can buy steel plate or anything that can resist against fire, corrosion etc just like you back up your seed phrase.
member
Activity: 66
Merit: 5
Eloncoin.org - Mars, here we come!
May 24, 2024, 11:50:05 PM
#6
Although the whole scenario could be summed up in a few words, "Be careful of how you treat things, make a good backup for your passwords" etc., you deemed it necessary to explain in detail how the thread came about.

Personally I don't like the idea of saving passwords on the internet for any reason. Just imagine that I saved the password to my email that I use for a very important part of my life online and one of the sites it's saved in is compromised and everything I have in the mail got hijacked? So I advise you have a password backup book, diary etc where you can write most things down in a book and not just one maybe two at least in case one gets missing which is not supposed to happen but that other will remain.

Perhaps you might be interested in password managers like keepass.info?
I don't encourage saving passwords with third parties like this because it's more risky than it being lost in your hands than to some kind of hackers.

Have you thought of what happened to LastPass? That's just to tell you that none is safe except your own personal backup.
sr. member
Activity: 602
Merit: 387
Rollbit is for you. Take $RLB token!
May 24, 2024, 10:00:59 PM
#5
What made you use throwaway email for this op? I only use such for accounts I never cared much about or am willing to throw away. If you're worried about exposing your email address, perhaps an email alias service could be of some use to you.
theymos advised that if a user didn't use an actual email for account registration (a throwaway or non-existent email), that user can change it to an email address with the forum domain. It's safer.

Make sure that your email address is secure. If you don't want to set an email address, use something like [email protected]; don't use a random nonsense email like [email protected], since somebody might create that domain/email.

Quote
Perhaps you might be interested in password managers like keepass.info? This made things so much more convenient for me as I only need to remember one password to access hundreds of my accounts lol. Plus your keepass database is stored locally and is encrypted. Passwords are also better off randomized though computer generated would be better than humans which fortunately, keepass also offers.
[Guide] How to create and use a strong password?

Keepass is available for Android too.
https://keepass.info/
https://keepassxc.org/download/#windows
https://play.google.com/store/apps/details?hl=en&id=com.android.keepass

https://pwsafe.org/
https://proton.me/pass

Avoid LastPass because they had a security incident.