Is it useful to publicly state password changes on accounts?

dblink

sr. member

Activity: 252

Merit: 250

Quote from: SebastianJu on July 01, 2015, 07:46:56 AM

I see sometimes that it seems to be that users on bitcointalk can guess pretty good which accounts were sold in an auction that ended. Simply because the forum shows them the accounts with changed passwords. So what i wonder if thats a feature that makes sense. Password changes does happen when the forum was hacked too and when someone is uncertain about if an account was hacked, he can ask for signing an address that was posted some time ago. It would be more important that "Edited" notes would be there, which i lately miss somehow. Might be only because of editing too fast though.
So what are your thoughts? Is it a good thing to show that the password was changed lately?

There should be some sort of logs such as last failure account login, so that moderators can easily know that how many times the hacker guessed and try with brute force passwords. And also regards to your question that, yes it is a good thing to show that the password was changed, at least the victim will com to know that his/her account has been hacked.

SebastianJu

legendary

Activity: 2674

Merit: 1082

Legendary Escrow Service - Tip Jar in Profile

Quote from: hilariousandco on July 01, 2015, 09:08:25 AM

Yes, it is a very good idea and helpful in many circumstances, and whether someone can tell what account has been sold is irrelevant, but that's actually another good reason for it. What if someone sells an account that then goes on to attempt to scam? At least this feature then might give people the heads up that something is potentially wrong and can act accordingly. And what's the worse that will happen these days in someone figuring out what account is sold? Not much, but people should be aware of the risks when buying accounts and you can often tell an account has changed hands by many other factors anyway.

Even though i know what you mean, i think its not working the way you say. A scammer who plans a scam will surely wait as long as the notice is gone. Its not so long i believe. And you cant use a password change as a sign for a sold account, so observing all changes would not work too.

Though ok, it might gives a little help.

SebastianJu

legendary

Activity: 2674

Merit: 1082

Legendary Escrow Service - Tip Jar in Profile

Quote from: dogie on July 01, 2015, 07:55:09 AM

Quote from: SebastianJu on July 01, 2015, 07:46:56 AM

So what are your thoughts? Is it a good thing to show that the password was changed lately?

Yes. Changing the system to aid people to sell accounts is not a good idea, nor is selling accounts in the first place.

I agree that its not a good idea but it happens and it would even happen when it would not be allowed. I dont think its good because it is used to scam, at least trying. Though nowadays there is a valid reason with the signature campaigns.

Quote from: Quickseller on July 01, 2015, 08:27:22 AM

For example instead of saying an account was registered in June 2013, has 252 activity and 1300 posts, a seller can say that the account was created on or before August 2013 (or in the first half of 2013), has 250+ activity and 1,000+ posts.

I know what you mean but it seems that doesnt help in practice in my experience.

el kaka22

legendary

Activity: 3500

Merit: 1162

www.Crypto.Games: Multiple coins, multiple games

Yes, I agree on this too. Most of the sold accounts will change their password 2 times quickly (1st time changed by escrow, 2nd time changed by buyer), which password changes for security (like forum hacks/old password) are not made frequently. Hence we can identify sold accounts by the password changing log (the currently available one only states recent ones) and will deal with them with extreme caution. Also we can find account that are sold long time ago, but the new owner gained reputation on the account.

hilariousandco

global moderator

Activity: 3794

Merit: 2615

Join the world-leading crypto sportsbook NOW!

Yes, it is a very good idea and helpful in many circumstances, and whether someone can tell what account has been sold is irrelevant, but that's actually another good reason for it. What if someone sells an account that then goes on to attempt to scam? At least this feature then might give people the heads up that something is potentially wrong and can act accordingly. And what's the worse that will happen these days in someone figuring out what account is sold? Not much, but people should be aware of the risks when buying accounts and you can often tell an account has changed hands by many other factors anyway.

--Encrypted--

copper member

Activity: 924

Merit: 1007

hee-ho.

to be frank, the password change notes are not very useful for anything other than speculatively identifying a sold account. we have the signed message that is useful for pretty much everything concerning the ownership of an account.

tho there's no harm done to anyone except to the people that got a negative rating because they can't prove their ownership to a sold account, which, like what dogie just said, is a kind of business that we shouldn't aid.

Quickseller

copper member

Activity: 2870

Merit: 2298

The person selling the account should be vague in describing the account so that there is a large number of accounts they could possibly be selling. For example instead of saying an account was registered in June 2013, has 252 activity and 1300 posts, a seller can say that the account was created on or before August 2013 (or in the first half of 2013), has 250+ activity and 1,000+ posts.

It is more difficult to protect against timing attacks on auctions however in auctions the seller could wait an hour or two to change the password however this will only provide limited protection.

If you are selling on a "normal" thread then you can keep the account listed for several days after selling the account.

dogie

legendary

Activity: 1666

Merit: 1183

dogiecoin.com

Quote from: SebastianJu on July 01, 2015, 07:46:56 AM

So what are your thoughts? Is it a good thing to show that the password was changed lately?

Yes. Changing the system to aid people to sell accounts is not a good idea, nor is selling accounts in the first place.

SebastianJu

legendary

Activity: 2674

Merit: 1082

Legendary Escrow Service - Tip Jar in Profile

I see sometimes that it seems to be that users on bitcointalk can guess pretty good which accounts were sold in an auction that ended. Simply because the forum shows them the accounts with changed passwords. So what i wonder if thats a feature that makes sense. Password changes does happen when the forum was hacked too and when someone is uncertain about if an account was hacked, he can ask for signing an address that was posted some time ago. It would be more important that "Edited" notes would be there, which i lately miss somehow. Might be only because of editing too fast though.

So what are your thoughts? Is it a good thing to show that the password was changed lately?

Topic: Is it useful to publicly state password changes on accounts? (Read 537 times)