Topic: Just lost 190 bitcoins through Mt. Gox - page 3. (Read 6836 times)

+1

Huh?

If they get my password, and I have some sort of IP lock on my account, then I could receive an email notification of someone else logging into my account from Russia or wherever, indicating there is a problem.  They couldn't withdraw because of the lock though, which would be undone with password + email verification.

If I had a withdrawal address change delay of 7 days, then I could get an email as soon as someone else changed the withdrawal address on my account.  I would then have 7 days to do something about it.

Ok, so maybe my email account is compromised as well.  I'd figure that out once I was no longer able to log in.  Or maybe the attacker is really clever and doesn't change my password, but simply deletes the email so I wouldn't see it.  MtGox could, upon login, still display a very large colorful warning for the next 7 days that the IP lock was removed or that a new withdrawal address was created.  And if I didn't have access to my MtGox account, ideally, support could reset the password for me and send me an email link.  If I didn't have access to my email and attempts to regain access were futile, support could freeze the account in the interim and I could resend identity docs to prove I am the proper owner of it.  But in the meantime, my Bitcoins are SAFE.  They could not be touched with this sort of delay in place, whereas as soon as an attacker compromises an account right now, they can empty it out to the extent of the daily withdrawal restrictions.

So no, I don't "have to agree", nor do I agree with you at all.  I think the more security options we have, the more secure we can make our accounts.

Do the words "optional" not mean anything to you?

2FA is optional.
If IP geo was implemented, it should be optional.
If withdrawal delays of any kind are implemented, they should be adjustable and, of course, optional.

There.  No inconvenience to people like you who don't find those options useful, but better security for those who do.

Login > Security Center

Add YubiKey and/or Software Authenticator (Google Smartphone)
Save

Add the credential you just created to login, withdraw, and/or security center.

I was looking over my MtGox account, and I don't see how to turn on 2 factor authentication.  Can someone walk through the process really slowly?

!

Isn't there a trail for the address the money went to? 

WAIT a second, you verify your ID, just like you would have to at a bank. Now lets look at the real point how many people are going to use Mt Gox. Only investors and day traders, and we have proven that many of them are on Mt Gox today! So while there is *NO GUARANTEE* people are fine with it and adapt to the security needed.

I am not trying to twist your words but you just *keep* missing the point. NO GUARANTEE - got it yet?

If my 2FA key from my bank gets stolen I *can still* get my money *refunded* - you *cannot* do this at any BTC exchange (and won't *be* able to for very good reason as we all know well).

By serious investments I am talking 10-100M USD - seen any of those yet?

In any case I think this is all getting rather OT and starting to look a bit silly and I do *agree* if you want to *day trade* at Mt. Gox you really *must* get yourself a Yubikey.

I never received this offer.

Your twisting my words again. How is the risk too high? If you follow security protocols you have no issues, even average people can figure out a 2 factor auth system. Also you said no serious investors will actually invest, yet I have seen a number of articles of day traders and stock people investing. Plus Fred Wilson VC has invested in a bitcoin company and in bitcoins. So your pretty false on those claims and your very off track.

And lets be honest, how many people are going to buy bitcoins to trade on Mt Gox.

Your point has been made clearly again and again - and sadly *this* is *why* Bitcoin will *never* be used by average people *ever*.

Average people want *government guaranteed* money that will be refunded in the event of *theft* - so I think we can see clearly where the situation stands (and why no serious investors will actually invest a serious amount of money in BTC - the risk is simply too high).

So when do you actually take responsibility for securing your funds?

First off IP geo will be a pain for most people, I know I change my location a lot thru my VPN's and just internet connections, now if I am using Mt Gox, I can't. So that option is out.

Second now you want to setup withdrawling that takes a couple days, that defeats the purpose of bitcoins. It suppose to be quick transfer of wealth.

Do you not see how these while you may think better protects the user, are the users responsibility and if you can't setup up Google 2 Factor Auth or buy a Yikub key then maybe you shouldn't be using an exchange.

Look at ATM's it is one pin code, that you have and if someone gets hold of it then your screwed but do you line up at the bank going add that they have to show there driver's licenses no you accepted it because you know that is your responsibility to not share it. You expect the job of the bank to be secure inside, you deal with outside.

TAKE RESPONSIBILITY FOR YOURSELF, I THINK TOO MANY BITCOINERS DON"T UNDERSTAND IT and frankly it is boring to keep iterating this point to people.

Two-factor Authorisation is useful for some people, but other things that have been suggested are useful too and would stop this. Its possible to make the account secure, even IF the password becomes known to a dishonest person, so why not do that? 2FA certainly does not suit everybody.

Actually its hard to say vote with your feet because thats the problem: there are not that many exchanges, and for many practical reasons the choice often comes down to 1 or 2. The exchanges therefore become complacent because people dont vote with their feet.

But you can be sure it reflects or will reflect badly on bitcoin even though actually it has nothing to do with Bitcoin. If someone using Bitcoin for a year can loose 200 BTC, then they are hardly a Noob.

I would strongly and politely suggest to the exchanges that it is very much in their own interest to implement these things. And it will be all the better for Bitcoin if they do, so lets start writing emails to our favourite exchange. I already have!

Id like to know if everyone that keeps losing gox funds, did the wallet on your computers get raided also? It would only seem logical to raid the .dat on the hard drive too.

I will as soon as something better comes along.    In the meantime, I will continue to suggest that they implement measures to satisfy my desires.

So can you show me an example of someone that has used 2FA and has been rob? It is the carelessness of people that use the service. I am sorry but I don't see any reason why they need all these bells and whistles when they have something that is proven and works the best. You also can't require 2FA cause not everyone has a smart phone, trust google, or can afford an yikuby key.

Well perhaps it's a bit too strong worded, they did gave me a free yubikey after all. However, since Bitcoin transactions are non-reversible and it is a lot harder to find out who stole your coins compared to fiat, I think their security should at the very least match that of traditional banks. And when I see that simple solutions as IP restriction aren't implemented and 2FA isn't required, even for very large transactions, I can only say their security just isn't good enough. And let's face it, there is ample evidence of people losing their money on MtGox, so much that it's hard to maintain it's all the consumers fault.



Exactly, I'm using MtGox to buy coins and other services to store them.

People WANT to take some responsibility, they just want more options to do it.  2FA is good for some things, but having some way to delay withdrawals to a new address seems like a sensible option to add.