
Topic: Is your Bitcointalk password strong enough? (Read 710 times)

member
Activity: 952
Merit: 27
August 18, 2020, 08:36:06 AM
#45

https://www.zorrosign.com/passwordless-future/

One of the biggest mistakes you can make is to use simple passwords or the same password for everything.
A simple password can be cracked instantly, so better use some offline password generator to mix all characters and generate a password.
My suggestion is to use strong, long passwords, different for everything including your Bitcointalk account, and make them hard to crack.
Never use the same password more than once!

But even doing all this, if bitcointalk forum gets somehow compromised or hacked again (happened before) someone can steal even our hardest passwords.
Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?





Our account here in Bitcointalk is very important, like our accounts on exchanges, especially those with high ranking. I would love to see 2FA or OTP in the future too, as it's good protection, or I hope to see email verification before we can log in, just like we do on exchanges.
legendary
Activity: 1223
Merit: 1002
I think it's strong enough ;D

I use a combination of lowercase and uppercase letters, numbers and symbols,
randomly typed on keyboard with closed eyes.

And to be more safe, I changed my password often, once in a month or every two months.
And I never use same password on different websites.
hero member
Activity: 2856
Merit: 674
I believe I have used a good combination for a password that is hard to hack. If there's 2FA, the better, but I guess signing a message using your bitcoin wallet is more than enough in case the password is hacked; at least it's hard to compromise our wallet if the hacker does not have the key.

As a member, I'm open to new changes in the forum if that would make an account more secure. Hopefully that hack incident would not happen again, as it would affect not only our accounts but the forum's reputation as well.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
All the above methods are certainly good, but you probably should take into account that no matter how complex the password is, it still needs to be stored somewhere. If we do not have correct and reliable storage, then all methods become not serious methods.
I found Steve Gibson's method of creating an easy-to-remember password interesting. By creating such a password, we can also secure ourselves that this password can be stored in our memory.

https://www.grc.com/haystack.htm
legendary
Activity: 2618
Merit: 1181
I believe that most people still take seriously how important it is not to set a simple password, which some unfortunately do to make it easier to remember. Of course, there are those who want to hack someone's account out of pure malice, but this is only possible if the owner allows it - not only with a simple password, but also with some social engineering, which is usually done via e-mail.

Therefore, it is not wise to show your e-mail publicly as some members do because you are only enabling a new vector of attack. Strong password with at least 10+ letters/numbers and special characters + unique e-mail is quite enough for you to sleep peacefully. Of course, provided that you do not install a RAT or keylogger on the computer - then all of the above becomes meaningless.
You must be right, setting a simple password is an easy option to remember but vulnerable to being hacked easily by others. I think that so far most users have figured out how to secure their account by using a strong password and a signed message with a bitcoin address. If the user has signed a message here, I think they have secured their account well even if someone hacked it.

Apart from hiding the email in the profile, I think users should also be careful with phishing sites that are widely circulating on Google and the media. Many cases of hacks occur because phishing sites are linked in messages or emails. Avoiding phishing sites might be easy if we ignore messages that have links, both in email and on the bitcointalk account.
legendary
Activity: 3234
Merit: 5637
I believe that most people still take seriously how important it is not to set a simple password, which some unfortunately do to make it easier to remember. Of course, there are those who want to hack someone's account out of pure malice, but this is only possible if the owner allows it - not only with a simple password, but also with some social engineering, which is usually done via e-mail.

Therefore, it is not wise to show your e-mail publicly as some members do because you are only enabling a new vector of attack. Strong password with at least 10+ letters/numbers and special characters + unique e-mail is quite enough for you to sleep peacefully. Of course, provided that you do not install a RAT or keylogger on the computer - then all of the above becomes meaningless.
full member
Activity: 1540
Merit: 219
I will never use a random word generated by that app. It will be very convenient to memorize or save it to a notepad for forum account purposes only. I typically use a standard password with a minimum of 10 characters and at least 1 number, capital letter and symbol. It will take too much time for a hacker to brute force that type of password, and no one will ever put some effort into hacking an active forum account. This strong password is suggested to those who have been offline for a long period of time because they are the common target of hackers.

But this password generator was very useful for exchange account passwords. I will definitely use it for mine. Thank you! :D

Security should be one of our priority when making an account and it is not that hard to make a strong one.

I also used 10 characters because I'm confident and comfortable with that and I made a password that is easy to remember for myself.

I'm always active so it is less likely for a hacker to invade my account and privacy. This thread can really enlighten someone about the risks of getting hacked, to prevent themselves from becoming a victim. Using this password generator is somehow effective and safe, but as soon as possible, take care of your account.

I already tried it and I'm satisfied and confident.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
<…>
The idea I have in mind cares less for the IP precision, and more for the testimonial fact that, at some point in time, someone tried to access my account with credentials that failed to log in. If I could see a log that showed me the invalid login attempts on my account, I would have an indicator as to whether someone was attempting to hack the account.

Say you saw the failed attempts over the last 30 days, and the list had 150 entries in that period of time, possibly in bursts. That could be an indicator of it being an attempt to hack my account, and therefore I could be on alert once knowing that fact. Of course, it could be a troll exploiting this feature (were it to be in place), just to mess with people’s minds, but still.
copper member
Activity: 2562
Merit: 2510
Spear the bees
Just remember how many swipes across the keyboard...

One... QWERTYUIOP
Two... ASDFGHJKL
Three... MNBVCXZ

Don't forget the password requirements.

1!a

Secure as a vault 8)
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
What could be interesting, at least I find it so, is to have the option to see some sort of information relative to login attempts from your account. I don’t mean receiving an email at every failed attempt (an exploit for trolls), but rather more something similar to when we see the IP connections from our account made over the last 30 days (https://bitcointalk.org/myips.php).
The myips page is only helpful if the user does not always log in to the account with Tor. With Tor, there are different exit nodes for all login attempts. But if the user does not click on the New identity option for the forum website, their login IPs will have a template that can still be discovered.

Because of the ultimate goal of having privacy by using Tor browser, people will click on New identity, so the myips page will not be meaningful for filtering strange login IPs.

There are two ways to get a new circuit [1,2]

Is there anything incorrect in my understanding? If yes, please correct it. Thanks.

[1] https://support.torproject.org/tbb/tbb-29/
[2] https://tb-manual.torproject.org/managing-identities/
Quote
This option is useful if you want to prevent your subsequent browser activity from being linkable to what you were doing before.

Selecting it will close all your tabs and windows, clear all private information such as cookies and browsing history, and use new Tor circuits for all connections.

Tor Browser will warn you that all activity and downloads will be stopped, so take this into account before clicking "New Identity".
staff
Activity: 3304
Merit: 4115
A password should be more personal, or better, it's you and only you who knows about that thing. Now I have upgraded how I give passwords to my accounts: if it is allowed to put special characters, I'm doing it; that is going to give you a strong password, not just an alphanumeric one. But this is not the era of guessing passwords; it is a new era of new methods of hacking, and passwords are just an open padlock.
Exactly the reason why I would personally recommend against the idea of using personally identifiable passwords. If you're including something in your password that you personally like in your life for example, that could potentially be a weakness in itself. It's much more recommended to use a password that is as randomly generated as possible, since the human mind isn't exactly great at creating true randomness.
sr. member
Activity: 1918
Merit: 370
I had an account here before and it got hacked in last bitcointalk hack, I was naive back then and had used very simple 4 worded password ('easy to remember').
A password should be more personal, or better, it's you and only you who knows about that thing. Now I have upgraded how I give passwords to my accounts: if it is allowed to put special characters, I'm doing it; that is going to give you a strong password, not just an alphanumeric one. But this is not the era of guessing passwords; it is a new era of new methods of hacking, and passwords are just an open padlock.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
What could be interesting, at least I find it so, is to have the option to see some sort of information relative to login attempts from your account. I don’t mean receiving an email at every failed attempt (an exploit for trolls), but rather more something similar to when we see the IP connections from our account made over the last 30 days (https://bitcointalk.org/myips.php).

It would be something similar to the IP valid connections, but with invalid attempts. That would enable us to see if someone is trying to hack the account at some point (or make troll attempts).
legendary
Activity: 2436
Merit: 1104
Although I use mostly or same passwords on here and other sites, I believe my password is strong enough according to your above info graph. I have everything included in my password.

Maybe your password is strong enough that it cannot be cracked with brute force, but if you use the same password for all services/accounts then in case someone comes into possession of your password you compromise everything that password protects. One account - unique strong password - unique email and nothing less than that.

I do the same as Little Mouse but I tend to mix the upper/lower case, numbers and letters of that same password for every site I deemed important, but if I'm registering on a site that I won't be using regularly I usually just use the password I am most familiar with. I also used unique email for every site that is important and a dummy email I use for those who are not.
legendary
Activity: 3234
Merit: 5637
Although I use mostly or same passwords on here and other sites, I believe my password is strong enough according to your above info graph. I have everything included in my password.

Maybe your password is strong enough that it cannot be cracked with brute force, but if you use the same password for all services/accounts then in case someone comes into possession of your password you compromise everything that password protects. One account - unique strong password - unique email and nothing less than that.
sr. member
Activity: 1372
Merit: 322
So, my password is strong enough to not be bruteforced at least till I'm alive :D I used to use a significant number of characters in my password but that forced me to reset my password once in a quarter on average.

Personally, if the companies whose services I use don't force me to change my passwords every 3 or 6 months, I would not change my passwords.
I think 6 months is too long to change a password. You should do it more frequently if it's related to financial activities.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
It depends on how you change your password. Some people think frequently changing passwords will be good for their accounts, but it becomes awful if they create some sort of repeated template for their passwords:
  • LM@bitcointalk@2020Agust
  • LM@bitcointalk@2020September
  • LM@bitcointalk@2020October
  • LM@bitcointalk@2020November
  • LM@bitcointalk@2020December
Let's assume that guy changes his/her password each month, but they are terrible changes. I would not say you are doing that; I just take your phrase and expand it further to illustrate for newbies and help them avoid such mistakes.


Personally, if the companies whose services I use don't force me to change my passwords every 3 or 6 months, I would not change my passwords.
Have you ever seen any list with leaked passwords? I have, and it is very funny :) and sad at the same time.
They use something like 12345qwerty, and I saw only a few randomly generated passwords using special characters.
Here are some real life password examples from a list I saw (not including emails here):
Code:
23232323
50cent
xxxxyyyy
llllllll8
america
moonmoon11111
1223334444
12345600
....
Nobody should use something like this!

legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
What I suggest is changing password frequently. I change my exchange password more frequently than other sites though.
It depends on how you change your password. Some people think frequently changing passwords will be good for their accounts, but it becomes awful if they create some sort of repeated template for their passwords:
  • LM@bitcointalk@2020Agust
  • LM@bitcointalk@2020September
  • LM@bitcointalk@2020October
  • LM@bitcointalk@2020November
  • LM@bitcointalk@2020December
Let's assume that guy changes his/her password each month, but they are terrible changes. I would not say you are doing that; I just take your phrase and expand it further to illustrate for newbies and help them avoid such mistakes.


Personally, if the companies whose services I use don't force me to change my passwords every 3 or 6 months, I would not change my passwords.
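
A check for the templated rotation described in the post above, as an added example that is not part of the thread. It assumes the old and new passwords are both in hand at change time (a change-password form or a local password manager); the function names and the 0.8 threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Month names and digit runs are the parts people typically "rotate".
MONTHS = re.compile(
    r"jan(?:uary)?|feb(?:ruary)?|mar(?:ch)?|apr(?:il)?|may|june?|july?|"
    r"aug(?:ust)?|sep(?:tember)?|oct(?:ober)?|nov(?:ember)?|dec(?:ember)?"
)
DIGITS = re.compile(r"\d+")
THRESHOLD = 0.8  # assumed cut-off; tune it for your own policy

# The five passwords listed in the post, in order (spelling as posted).
PAGE_EXAMPLES = [
    "LM@bitcointalk@2020Agust",
    "LM@bitcointalk@2020September",
    "LM@bitcointalk@2020October",
    "LM@bitcointalk@2020November",
    "LM@bitcointalk@2020December",
]


def skeleton(password: str) -> str:
    """Reduce a password to its template: case folded, months -> '~', digit runs -> '#'."""
    lowered = password.lower()
    lowered = MONTHS.sub("~", lowered)
    return DIGITS.sub("#", lowered)


def similarity(old: str, new: str) -> float:
    """Similarity of the two templates, from 0.0 (unrelated) to 1.0 (same template)."""
    return SequenceMatcher(None, skeleton(old), skeleton(new)).ratio()


def is_templated_rotation(old: str, new: str, threshold: float = THRESHOLD) -> bool:
    """True when the new password is the old one with only the counter or date changed."""
    return similarity(old, new) >= threshold


def audit_history(history: list) -> list:
    """Return index pairs (i, i+1) of consecutive passwords that share a template."""
    return [
        (i, i + 1)
        for i in range(len(history) - 1)
        if is_templated_rotation(history[i], history[i + 1])
    ]


if __name__ == "__main__":
    for i, j in audit_history(PAGE_EXAMPLES):
        score = similarity(PAGE_EXAMPLES[i], PAGE_EXAMPLES[j])
        print(f"{PAGE_EXAMPLES[i]} -> {PAGE_EXAMPLES[j]}: templated ({score:.2f})")
    # Two unrelated passwords, constructed for this example.
    print(is_templated_rotation("vK7#pQ2!mZx9Lt", "Hq4$wN8@rBc1Ys"))
```

Anyone who learns one password in such a series can derive the next, so a change that this check flags gains nothing over not changing the password at all.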
legendary
Activity: 2156
Merit: 2100
Marketing Campaign Manager |Telegram ID- @LT_Mouse
Although I use mostly or same passwords on here and other sites, I believe my password is strong enough according to your above info graph. I have everything included in my password.
What I suggest is changing password frequently. I change my exchange password more frequently than other sites though.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
for example both of the following are the hash of a very simple password "123"
Code:
a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3
74b2eb3b47120a4af6acb7d0a9af9e299a68233939fbd9d856a4d22598560601
while the first one is ridiculously easy to break because it is a single SHA256 hash of the password but the second one (although still easy due to shortness of the password) is a lot harder to break because it is using a strong KDF called scrypt with a strong salt.
the latter is what any good website does to make it more expensive for an attacker to be able to brute force things even if they got access to their database somehow.
Amazing thing I have not yet known and only began to learn today. Thank you.

Regarding good websites, it is appropriate to choose big platforms to use, as I can believe in their security structures and operations. It is the side of companies people choose to use, nevertheless. To secure an account, it requires carefulness and effort from both related sides: companies and users.

Users must do some things from their sides:
  • Strong passwords (for accounts)
  • Strong passwords (for emails)
  • 2FA (for accounts) *
  • 2FA (for emails) *
  • Disclose neither email address nor 2FA secret code/phone numbers (SIM swap attacks) nor which platforms they use
  • Even attackers find their email fIf curious (but should not never click on), simply hovering the mouse on links to see full links (for non-shortened links).

* Avoid SMS codes: because of unexpected problems with receiving the code or SIM swap attacks.
legendary
Activity: 3472
Merit: 10611


the times in this picture depend a lot on how the passwords are stored in the database and what the hacker has access to. passwords aren't stored as plaintext, instead the hash of them is stored. and depending on the method used it could be trivially easy or extremely hard to brute force it.
for example both of the following are the hash of a very simple password "123"
Code:
a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3
74b2eb3b47120a4af6acb7d0a9af9e299a68233939fbd9d856a4d22598560601
while the first one is ridiculously easy to break because it is a single SHA256 hash of the password but the second one (although still easy due to shortness of the password) is a lot harder to break because it is using a strong KDF called scrypt with a strong salt.
the latter is what any good website does to make it more expensive for an attacker to be able to brute force things even if they got access to their database somehow.
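
The difference between the two storage methods in the post above, as an added example that is not part of the thread. The scrypt cost parameters and function names are assumptions; the post does not give the salt or parameters behind its second hash, so only the SHA-256 value is reproduced.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Unsalted SHA-256 of "123", as quoted in the post.
PAGE_SHA256_OF_123 = "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3"

# Assumed scrypt cost parameters (not stated in the post).
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 1024 * 1024)


def sha256_hex(password: str) -> str:
    """Single unsalted SHA-256: fast, and identical for every user with this password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def scrypt_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Hash with scrypt and a random per-user salt; the salt is stored beside the hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def scrypt_verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def cost_ratio(password: str = "123", fast_rounds: int = 2000, slow_rounds: int = 3) -> float:
    """How many times more expensive one scrypt computation is than one SHA-256."""
    start = time.perf_counter()
    for _ in range(fast_rounds):
        sha256_hex(password)
    fast = (time.perf_counter() - start) / fast_rounds

    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(slow_rounds):
        scrypt_record(password, salt)
    slow = (time.perf_counter() - start) / slow_rounds
    return slow / fast


if __name__ == "__main__":
    # The unsalted hash is the same for everyone, so one lookup table covers all users.
    print("matches the post's first hash:", sha256_hex("123") == PAGE_SHA256_OF_123)

    # Two users with the same password get unrelated scrypt records.
    alice, bob = scrypt_record("123"), scrypt_record("123")
    print("same password, same scrypt hash:", alice["hash"] == bob["hash"])
    print("alice verifies:", scrypt_verify("123", alice))

    print(f"one scrypt guess costs about {cost_ratio():,.0f}x one SHA-256 guess")
```

The per-user salt rules out precomputed tables, and the cost ratio is the factor by which every offline guess against a leaked database gets slower.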
full member
Activity: 1232
Merit: 186
Okay, I am bothered right now because I can't believe that my password is very close to the verge of getting hacked. I thought that setting a long series of numbers alone was enough to be considered strong, because that's what I used to know, especially when I used the same pw format when playing online games. They told me it was "strong" after I signed up. My whole life is a lie :-\. Thanks for the info OP, it's better to change my pw now than to be sorry.

Ps: Done changing, keep safe guys :).
hero member
Activity: 2520
Merit: 952
I had an account here before and it got hacked in last bitcointalk hack, I was naive back then and had used very simple 4 worded password ('easy to remember').
legendary
Activity: 1022
Merit: 1043
αLPʜα αɴd ΩMeGa
~CUT~

Many thanks for this!

Great graphics!  
In the bottom right-hand corner, I sort me in.
I will not let it happen, my account get stolen again, for sure!

Just as you've already correctly explained.
Unfortunately, the best password is worth nothing - because everything stands and falls with the security of the forum...

I think, to make it as secure as possible and to protect it from new attacks and thus from theft of passwords, is a high aspiration on the part of the forum operators.
I'm assuming there's been a lot of talk about this...

And I would be interested in your proposals, from the point of view of e.g. theymos or other high staff!
If this has not been a subject so far, there must be some reasons why it is not or cannot be considered...

~CUT~
But even doing all this, if bitcointalk forum gets somehow compromised or hacked again (happened before) someone can steal even our hardest passwords.
Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?

//edited
legendary
Activity: 2338
Merit: 1261
Heisenberg
After my account got hacked in 2018, I learned lessons the hard way. I literally used to make every mistake most newbies would make: using the same email address and a weak 8 letter password while registering on every shit ICO website out there, until the credentials leaked from one of the websites. Someone managed to access my account and changed the password and linked email address. They would have been able to access my email address too and reset everything if it wasn't for the 2FA that was enabled in there.

That was a rude awakening for me. I had to wait for 6+ months to get my account recovered, and ever since the hack, all my different online accounts have different email addresses, strong different passwords and 2FA enabled where possible.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
What is the point of having strong Bitcointalk password when the weakest link is the email password. Nobody will try to crack your password here, it's easier to hack your email address and there you go.
I would not agree with you that weakest link here is email password.
Someone (Hacker) can send you PM in forum (it happened before) with phishing link. You click on the link and enter your password with login information. No email is used.
Hacker can do a lot of damage before original user finds out about the hack.

If someone creates a weak password in one place, then he will create weak passwords everywhere.
I was shocked recently when I heard some people use one and only password for everything...
Weakest link here are human beings.

If you leak your email address you can receive similar phishing email, but I would not ask anyone to register in forum with two email addresses.
Adding 2FA (without using SMS) seems a good enough solution for now, but I would like to see some futuristic option including bitcoin blockchain confirmation :)

Strong passwords protect you only against brute force attempts. In the example you gave it does not really matter how strong a password you are using if you are going to write it down on a phishing link.
I agree that the weakest link are the users most of the time.
Still I tend to trust Theymos more than some email provider, even after the 2015 hack.
hero member
Activity: 1498
Merit: 711
Yeah, I really like your advice, OP. But in addition to what you said, in order to secure your password or make your password strong so that no one can have the access to penetrate your wallets, bitcointalk account or Facebook accounts, try to use an alphanumerical password such as "aed1575zf" to secure your accounts, because such a type of password is hard to penetrate easily.
Again, try not to use one password in all your accounts, to avoid hackers penetrating your account.
Ensure that your email has an alphanumerical password, because hackers penetrate accounts through email.
Please, everyone should be careful with passwords used in bitcoin.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
What is the point of having strong Bitcointalk password when the weakest link is the email password. Nobody will try to crack your password here, it's easier to hack your email address and there you go.
I would not agree with you that weakest link here is email password.
Someone (Hacker) can send you PM in forum (it happened before) with phishing link. You click on the link and enter your password with login information. No email is used.
Hacker can do a lot of damage before original user finds out about the hack.

If someone creates a weak password in one place, then he will create weak passwords everywhere.
I was shocked recently when I heard some people use one and only password for everything...
Weakest link here are human beings.

If you leak your email address you can receive similar phishing email, but I would not ask anyone to register in forum with two email addresses.
Adding 2FA (without using SMS) seems a good enough solution for now, but I would like to see some futuristic option including bitcoin blockchain confirmation :)

legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
What is the point of having strong Bitcointalk password when the weakest link is the email password. Nobody will try to crack your password here, it's easier to hack your email address and there you go.
I'm not saying that the bitcointalk password shouldn't be strong enough but I suggest people focus on their email passwords. Better change them more often or even create a new fresh email address from time to time only to access the forum.

I would love to see the multi-signature approach here, to recover your bitcointalk password you need to have at least two different emails registered, and until you click the both verification links you don't get an access.
legendary
Activity: 3500
Merit: 6981
The previous hack on accounts was due to an SMF vulnerability exploited through the security question option, it has been disabled since then to prevent a repeat.
Maybe it's just my tech ignorance, but I find that statement to be less comforting than perhaps I should have.

OP, I liked that graphic you included in your post, as I'd never seen anything of the sort before.  I'm pretty sure my password is strong enough, and I don't use it on any other websites so I hope I'm secure as far as that's concerned.  Members of bitcointalk should be extra careful about protecting their accounts.  There probably aren't many hackers trying to access members' accounts on other forums like this one, but it's a completely different situation here.  I think it's especially important for newbies to realize this.

Let's face it, any security measures have limits and it's just a matter of how badly someone wants your account.
Agreed, and I don't lose any sleep at night because I'm worried any of my online accounts are going to get hacked.  I do what I can to be secure, and I hope for the best.  What else can you do?
legendary
Activity: 3654
Merit: 8909
https://bpip.org
bulletproof way to recover all my account

Short of a DNA swab it would suffer from similar issues as password+2FA and can possibly be used as an attack vector in its own right, e.g. Bitcointalk password reset via e-mail can be used by a hacker to get into your account if it's easier to compromise your e-mail account first.

Let's face it, any security measures have limits and it's just a matter of how badly someone wants your account. Password+2FA is good enough for a Bitcointalk account. Password alone - maybe not. Account recovery - meh, reputation of that account is likely shit anyway if it got compromised so might as well forget it.
legendary
Activity: 2912
Merit: 6403
Of course, using a weak password is clearly a no but at one point I think you have to decide where safety ends and paranoia begins.

I use different passwords on all sites I use, I do have a system of trying to keep them quite memorable and at the same time not easy to guess if one of my accounts gets compromised but I always have the feeling that the more you try to keep it all secure the more you start to doubt everything. You will, of course, doubt your browser password manager the first (which is normal), then the password program manager you've installed as it might be vulnerable to some malware, then you will try writing them down but where to hide them so no visual visit of a friend can uncover them....And even with 2FA, you have to avoid the phone number as an option because of the sim swaps attack..and so on and on

To be since I'm more interested in having a bulletproof way to recover all my account in case I end up dead drunk at my laptop and share all my passwords on some forum or social network in some stupid challenge the beer ordered me to take.

hero member
Activity: 1722
Merit: 801
"Prevention is better than cure", so use a strong password that does not have a template format or reuse one of your past passwords; hide your email; use a strong password for your email, and turn on its 2FA.

Forum account: security, privacy, and recovery
[GUIDE] How to Create a Strong/Secure Password
[Guide] How to know if your email address was part of any data breach.
How Scammer tried to Hack my Bitcointalk and how to Protect yourself?
Use protonmail if you can: https://protonmail.com/
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
If the hacker has an intention to hack you, adding "2FA, OTP or something else" won't help. He'll just wait till his victim fails somewhere and reveals necessary info to pick up right combination of tools to hack.

It will help. I can guarantee you, if somebody wanted to hack me, besides getting past my long and complicated-ass password, getting past 2FA would be a HUGE problem for the hacker as the hacker would need to gain access to my physical device to get past that layer.

Things like 2FA are definitely not useless unless you do something utterly stupid/careless like leaking the keys of your 2FA.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
I think it’s quite useful to have a password manager at your side to generate the passwords that are going to be safe. Numbers,  upper and lower case letters, and symbols would be the strongest ones for sure, and the longer the password, the better.

Everything that concerns to 2FA would be in the future since it has been talked about here many times. I suggest that everyone sign a signature that only the owner has access and stake it here. It’s to prove that you are the owner if something happens to your account.
full member
Activity: 924
Merit: 221
I guess I do not need to secure my BCT account, for it is already secured. I think also that it is not needed because the sale of BCT accounts is discouraged, though it is not prohibited, but with this member rank I guess no one or only a few will be interested in getting this account. I do not see another reason for the need to get a strong password. Just in case this account is hacked, then I think I can make another account and will just report that this account was hacked. The only problem is that I will have to start posting again and wait for the time that I could get merit to rank up to jr. member and up to member in rank. Besides, getting merit for an average poster like me is difficult and I need to struggle to get it. However, I could still do good in the forum. I am still working on learning about blockchain and how it could be attained and applied in an existing business. This is an alternative to POS, I guess; if it is possible then surely I will make use of blockchain. POS will be a compliance to the government agency needing it, that is my opinion.

So how strong is my BCT password? LOL. So much easy to remember as easy as 123 let's Go!
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
2fa is certainly a topic in the new software. This was also discussed several times in the epochtalk subforum. here is an example:
2FA is asked many times. We might have it in Epochtalk (a new forum software) but when the new forum software will be used is still a big secret.
2-Factors Authentication
Topics | Date | Written by
_____________________________________________________________________________________________________________________
Can bitcointalk.org get 2 factor authentication? | 17/4/2013 | StevenPine
Why doesn't Bitcointalk support 2FA? | 14/5/2016 | cryptoheadd
2FA on bitcoin talk | 05/9/2017 | dreamer81
Isn't it time to introduce 2FA to enhance user account security ? | 24/3/2018 | DdmrDdmr
Bitcointalk.org 2FA option/feature | 13/11/2018 | tiikol
Should there be an option of adding 2fa for forum accounts? | 30/5/2019 | iamsheikhadil
member
Activity: 564
Merit: 50
This table lacks the option of numbers and upper or lower case letters (a password like "notblox1").
How quick can that kind of combination be brute forced?  

According to the table, if I add "Aaaaaaaaaaaa" to "notblox1" password, it will be almost impossible to hack this by brute force. If the hacker has an intention to hack you, adding "2FA, OTP or something else" won't help. He'll just wait till his victim fails somewhere and reveals necessary info to pick up right combination of tools to hack. That is why adding something extra to a long and strong password seems useless.
copper member
Activity: 2800
Merit: 1179
I will never use a random word generated by that app. It will be very convenient to memorize or save it to a notepad for forum account purposes only. I typically use a standard password with a minimum of 10 characters and at least 1 number, capital letter and symbol. It will take too much time for a hacker to brute force that type of password, and no one will ever put some effort into hacking an active forum account. This strong password is suggested to those who have been offline for a long period of time because they are the common target of hackers.

But this password generator was very useful for exchange account passwords. I will definitely use it for mine. Thank you! :D
staff
Activity: 2548
Merit: 2709
Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?

2fa is certainly a topic in the new software. This was also discussed several times in the epochtalk subforum. here is an example:

Any chance we get 2fa on this forum? Or perhaps I'm missing it.
On Epochtalk, "Yes"...
  • It's part of "planned features":

Will the forum move?
If you're referring to its domain name, I don't think so [not sure].

And my current password with between 24 and 28 characters including upper- lowercase and symbols seems very secure to me according to your table 8)
legendary
Activity: 2114
Merit: 2248
But even doing all this, if bitcointalk forum gets somehow compromised or hacked again (happened before) someone can steal even our hardest passwords.
Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?
The previous hack on accounts was due to an SMF vulnerability exploited through the security question option, it has been disabled since then to prevent a repeat.
2FA has been suggested many times on the forum, but there has been no action taken regarding that, for now you could use it on accounts linked to your profile, such as your email address to prevent a breach. Also keep your email address private and do not share important links, such as your captcha bypass link.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1

https://www.zorrosign.com/passwordless-future/

One of the biggest mistakes you can make is to use simple passwords or the same password for everything.
A simple password can be cracked instantly, so better use some offline password generator to mix all characters and generate a password.
My suggestion is to use strong, long passwords, different for everything including your Bitcointalk account, and make them hard to crack.
Never use the same password more than once!

But even doing all this, if bitcointalk forum gets somehow compromised or hacked again (happened before) someone can steal even our hardest passwords.
Can we expect to see some solutions for this issue in new forum software?
Maybe using 2FA, OTP or something else?


