Topic: In light of recent hacking, should security of MyBitcoin website be increased? (Read 1475 times)

jr. member
Activity: 42
Merit: 2
With the recent hackings I think that bitcoin does need a wallet.dat that is encrypted in the client and not something like file system encryption that truecrypt would bring.  The problem is that when you have the client open, which you need to have open to send bitcoins, the wallet.dat is unencrypted to the Operating System during that time.  It would be better to encrypt the wallet.dat with a secure password and then only load the keys into memory at load time.  I know that if the system is compromised the attacker could probably read the memory also but this would make it more difficult than just creating a virus that copies wallet.dat to some other compromised system on the Internet.  The key should also be stored at different locations in memory to obscure the location of the keys on boot up.  Obviously the owner of the bitcoin should keep their password in a secure location and have multiple copies of the password and wallet.dat to avoid losing their bitcoins forever.

-Dukejer
legendary
Activity: 1764
Merit: 1015
Honestly you need regular bank level security-verification pictures, mouse-click entry of a second password (to prevent keylogging), and verification of new computer IP addresses accessing an account.  Regular banks don't let random new IP addresses move tons of your money around without verifying the new computer first.

Some sort of SMS based system for verifying new IPs and confirming trades would make hacking your account way harder. 
Agree,
The way bitcoins are treated right now seems way too loose for me. I think we never saw security before because they weren't worth as much. Now people are sitting with 10-20 thousand in their hands, and don't know how to properly secure it. A user friendly solution needs to be thought up pronto. You made some very good points, picture verifications, and second passwords for diff IPs are all good starts.
hero member
Activity: 608
Merit: 500
Honestly you need regular bank level security-verification pictures, mouse-click entry of a second password (to prevent keylogging), and verification of new computer IP addresses accessing an account.  Regular banks don't let random new IP addresses move tons of your money around without verifying the new computer first.

Some sort of SMS based system for verifying new IPs and confirming trades would make hacking your account way harder. 
legendary
Activity: 1764
Merit: 1015
If someone doesn't come up with a system that's as secure as paypal, I will...

mtgox should do a respected third party security audit like big corporate websites do, so should mybitcoin and any currency/payment exchangers. You guys better move fast, if not someone is going to come in and make an all in one solution that is going to be fast/safe/and vetted ;).
member
Activity: 69
Merit: 10
An average "normal joe" user is not able and even more important not willing to protect his wallet. (that contains his complete savings)
But Average Joe will not put his complete savings into Bitcoin anyway. Ever. So we are just talking about spare money to buy stuff online more easily. Like cash, but online.
Average Joe is already able and willing to protect his physical wallet containing his cash money. Why would it be different for his online cash? (Provided the default client lets him do it easily)
The people that will move big volumes will most probably not store their BTC on external services.

I find it odd that people are saying there's no need for a "bank", let people choose how to store their bitcoins themselves, otherwise the system is being controlled by the sovereign individuals!
Anyhow, you're right that the average Joe won't put his entire net worth into bitcoins, but "we" have also proved that we CAN'T protect our physical wallets (and purses), they get ripped off every day in the big city.  The Average Joe has also proved that we can't secure our computers now, with our tax and banking information.  Not to mention the family photos that get wiped out when the drive crashes.
jr. member
Activity: 56
Merit: 1
An average "normal joe" user is not able and even more important not willing to protect his wallet. (that contains his complete savings)
But Average Joe will not put his complete savings into Bitcoin anyway. Ever. So we are just talking about spare money to buy stuff online more easily. Like cash, but online.
Average Joe is already able and willing to protect his physical wallet containing his cash money. Why would it be different for his online cash? (Provided the default client lets him do it easily)
The people that will move big volumes will most probably not store their BTC on external services.
jr. member
Activity: 55
Merit: 3
Well that is what I meant. My prediction is that these companies will be "bank-like". :-)
legendary
Activity: 1358
Merit: 1003
Ron Gross
I would bet that we will get "bank-like" companies in the future managing the "normal joes" BTCs. An average "normal joe" user is not able and even more important not willing to protect his wallet. (that contains his complete savings) What is bad about "bank-like" companies managing BTCs? It is up to everyone which way to go.

Any client application cannot provide complete security if it's not running on a separate, clean machine, due to malware.
Prediction: In two years from now, most bitcoin users will not use dedicated machines to manage their bitcoins, but rather will trust this security to some large company, and instead will use a web/remote interface to access it.

Let's get this moving now.
jr. member
Activity: 55
Merit: 3
I would bet that we will get "bank-like" companies in the future managing the "normal joes" BTCs. An average "normal joe" user is not able and even more important not willing to protect his wallet. (that contains his complete savings) What is bad about "bank-like" companies managing BTCs? It is up to everyone which way to go.
jr. member
Activity: 56
Merit: 1
They will want some "bank-like" interface.
I am not convinced by this. People are attracted to Bitcoin partly by the promise to regain control of their money.
The general public might not understand the exact nature of bitcoin decentralization, but they will understand that their money is now in their hands, and not in those of a bank or central third party. Big selling point.
To me MyBitcoin fulfills needs that will eventually be covered by the mainline client.

That said, yes, more security is probably always good. When I want to do an online transfer from my bank, just before the final validation, they send me a validation code on the mobile or by mail.
legendary
Activity: 1358
Merit: 1003
Ron Gross
Today, the money in your bank is pretty secure.
Even if someone breaks into your computer and finds your online banking password, he simply can't move all the money from your bank to somewhere else.

What I propose is an OPTION (not mandatory) for MyBitcoin users for enhanced security measures:

1. Impose limits on how much Bitcoin can be moved in a day out of MyBitcoin
2. Email notification for any movement. Email confirmation for large movements.
3. Captchas.

Two years from now, most bitcoin users will not be using bitcoin off of dedicated linux computers. They will want some "bank-like" interface.
MyBitcoin or a competitor can become that, and the steps described above can help secure some non-geeks' bitcoins.

In the future, I expect any website or company that stores large amounts of bitcoins to be insured by Bitcoin insurance companies.
This is also a key component in creating a reliable economy.
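
A sketch of the optional limits proposed in the post above (a daily outbound cap, notification of every movement, e-mail confirmation of large ones), added here as an illustration; it is not MyBitcoin's code or the poster's. The class name, the thresholds and the `outbox` list standing in for an e-mail sender are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

DAY = 24 * 3600
COIN = 100_000_000  # satoshis per BTC; integer math avoids float rounding

@dataclass
class WithdrawalGuard:              # hypothetical name, not a real service API
    daily_limit: int                # max satoshis leaving per rolling 24 h
    confirm_over: int               # larger amounts need e-mail confirmation
    token_ttl: int = 900            # seconds a confirmation token stays valid
    sent: list = field(default_factory=list)     # (timestamp, amount) released
    pending: dict = field(default_factory=dict)  # token -> (timestamp, amount)
    outbox: list = field(default_factory=list)   # stand-in for the mail sender

    def _committed(self, now):
        # Rolling window rather than calendar day, and unexpired holds count
        # too, so queued requests cannot exceed the cap once confirmed.
        self.sent = [(t, a) for t, a in self.sent if now - t < DAY]
        self.pending = {k: v for k, v in self.pending.items()
                        if now - v[0] < self.token_ttl}
        return (sum(a for _, a in self.sent)
                + sum(a for _, a in self.pending.values()))

    def request(self, amount, now):
        if amount <= 0 or self._committed(now) + amount > self.daily_limit:
            return "DENY", None
        if amount > self.confirm_over:
            token = secrets.token_urlsafe(16)    # delivered out of band by e-mail
            self.pending[token] = (now, amount)
            self.outbox.append(("confirm", amount))
            return "HOLD", token
        self.sent.append((now, amount))
        self.outbox.append(("notify", amount))
        return "ALLOW", None

    def confirm(self, token, now):
        self._committed(now)                     # drop expired holds first
        for known in list(self.pending):
            if hmac.compare_digest(known, token):
                _, amount = self.pending.pop(known)  # single use: no replay
                self.sent.append((now, amount))
                self.outbox.append(("notify", amount))
                return True
        return False
```

Holding large transfers until a token from a second channel is presented means a stolen site password alone releases at most `confirm_over` per request and `daily_limit` per day.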