Topic: l0tt0.com - page 2. (Read 5275 times)

2FA is way better than pin code without doubt and it's the safest option available, but it also have some drawbacks. Let's say if someone's email is compromised then pin changing may not be useful but at the same time if someone has installed authenticator for 2FA on their phone and the phone gets stolen the same will happen.

Each security measure has pros and cons but we should give more importance to the pros and avoid the cons. I guess you selection of going with 2FA is better than going with a pin based withdrawal mechanism, and you should go with it instead of going with the pin based system.

Sure.. but then there is no point. The login link is secure- only if your email account is secure.. if your email account gets compromised- and someone gets acccess to your account and can just reset the withdrawal pin, whats the point? I mean, thats why 2FA came about in the first place. a site username/password can be reset if someone gets into your email.. so adding 2FA to say your phone secures it up..

I love the withdrawal pin idea.. I honestly find it very hard to believe that someone would forget a 4 digit pin number they setup. It will prob be their bday or their ATM pin. But... I bet 90% of them will be 1111 or 1234.. and that is the problem.

I'm looking into 2FA, I'll prob go that route, I just need to figure out if I'm going to collect the phone numbers in the site and send out the sms myself or use something like Okta.

Pin idea isn't a bad one but it would be better if the user could request a new pin in case of losing or forgetting the previous one. I think you should implement the pin system in a way that when a user forgets his/her pin then he/she may get an option to request a new pin or may get the old pin automatically via email. That way even is someone loses the pin they can get a new or or they can get the one that they have set during registration.

yeah i'm looking into it. maybe the pin idea wasn't the best. it worked for silk road

😂 Hahaha
Very funny though, but honestly, don't underrate how lazy and dumb some people can be, the fact I myself have never forgetten my ATM pin does not mean there aren't people out there who have.
And also under that, people are likely to use their ATM cards more frequently than how frequent they play on a gambling casino.
Some body may sign up on the casino today, carelessly create a withdrawal pin just to complete the sign up since he or she has no intention depositing immediately.
And one day, maybe after like 1 year or more, they may come across the casino again, and this time, decide to login and deposit since they already have an account, they play, possibly win and want to withdraw, and they are asked for a withdrawal pin, only for the person to discover that he or she has forgotten the pin he or entered during the registration, since it's been a long time, and upon discovering that they can't reset the pin, next thing will be that, they start creating thread tagging the casino as a scam casino.😀

So, I think you should rethink this decision

OK, a good and understandable reason though, but there are other alternatives to Google 2fa, like Authy and the some others.

great idea regarding the option- not on the site but in the email..

regarding the withdrawal pin- that couldn't be reset. it would be setup when you first login- and it can never be changed, thus ensuring only you know it.. i know what you're going to say, what is someone forgets it? well... do you forget your atm pin? and also- this is crypto.. we are already in an unforgiving environment.

i will look into google 2fa- i just dont want to bring google into the codebase. i dont use GA for that reason. i LOVE that you visit my site and there are zero trackers.

For me, I see no issue with the current registration/login system, but it's also a good thing that you are thinking of creating a system that make provison for those who are playing with a phone or computer that they don't have their email account on, my opinion on this is below.


Make the sending of six digit login pin as an option alongside the sending of one time login link.
That is for example, when ever I enter my email address on the site to register/login, the system will send me both a six digit login pin and a one time login link, it's up to me to chose which of those I wanna make use of.
I think one crypto exchange I am using has that feature where they send both a one time link and a six digit pin in one email message, the user chooses which one he or she wants to make use of.

I honestly think a Google 2fa will be better, but on the other hand, making the two available for use, that is, a withdrawal pin and a Google 2fa, will simply be the best, google 2fa doesn't or won't require you asking users for their phone numbers.

So, for a top notch security, make both a withdrawal pin available and a Google 2fa available as well, the two will help just incase a user forgets his or her withdrawal pin and wants to reset it, reseting will require the user to enter both a code sent to their email address and a code from their Google 2fa, this will prevent scammers or hackers from stealing a user's account and reseting their withdrawal pin easily.

the difference is- you can get a code emailed to you- read it off from your computer and type it into your phone.. the link you cant really do that.

I dont see the big difference between clicking the link received in the email and entering six numbers.
Maybe adding both of the would be better so that both work in he same time.

Phone number should never be asked and 2FA will be more secure with secure code.

below is taken from my post on our l0tt0 review page- i just wanted to post it here to get some input. BTW- I'll have the new homepage live next week.


so i hate passwords. i was building the registration system and kept asking myself the magic question: do i need this? what i was left with was the current one-time login link. login passwords are only as secure as your email password (pw resets). i totally get the issue of the one-time login link with regards to different devices, not everyone wants to play on the device they have their email on. so i do have some solutions for that and for securing the account more with 2FA.

a) i have a version of the login page that sends a 6 digit number to be entered into the login page after you submit your email. do you think i should offer this as another option, or just make it the main login system, instead of the one-time link?

b) when it comes to 2FA i'm leaning towards a withdrawal pin; which will be created when you login for the first time. the pin will be needed for any withdrawal. i feel this is a better  solution that asking for more info like a users phone- which brings in outside tech for sending txts.

what are your thoughts on this?


Josh

yes. that is correct.

regarding design thanks for you opinion- but i disagree. it's staying- it will get cleaned up.. but the overall look and feel was a calulated design and brand decision.

Casinos offer 70% commission not based on the net loss but based on the RTP or house edge. Here is the calculation of how affiliate works on many casinos: ((100 - RTP) / 100 * wagered / 2) * commission rate.
OP offers 20% of the net loss, which is super amazing. As I understood, that means that if your affiliate loses 1 btc, 0.20 btc is yours. OP please correct me if I am wrong.

Yes, we know that the final design takes research, development and time but I wanted to give you my opinion, I think it will be better to move from pixelated design to something better. Everything else is on you, I don't know your customers well.

the homepage is going to change very soon- we've already started on a few variations and know the direction we're going in. i'll show you some of them soon.
but thats really it.. the game pages may change a little here and there, mainly the bet table. site looks great on mobile.

Of course no... I get that making something visually appealing and attractive is a painstaking process.  It's a real craft and  I can only spot good design, but actually doing it myself - yeah, no.  Mad props to people who have that talent. 

Anyway, figured we could kick around some concepts off the cuff.  Who knows! Might spark some thoughts.   

final designs don't come over night, to count to 10 you need to go through all the other numbers.
thanks for the input. it will get there.

No question, preference in user interface design is highly personal and open to debate.  However, I must concede that the current visual presentation of l0t0.com does lean towards the, shall we say lo-fi pixelated end of the spectrum.  Even for those seeking a nostalgic, retro-gaming aesthetic, the somewhat antiquated graphics could potentially miss the mark after some time. 

I wouldn't propose a complete, neon-drenched overhaul here - just a gentle nudge towards a more contemporary pixel art style.  The pioneers of this space like Bustabit and Freebitco deserve their kudos but it's 2024 now.  I believe a delicate modern polish, imbuing the vibrant 8-bit form with a touch of up-to-date sheen, could give players the best of both eras. 

Something like BitKong for example, they have a modern gui but with a hint of retro design.

Just my two sats!

UI is always about preferences, some gamblers love to see very simple UI or childish UI that reminds them to their childhood while some others love to see modern UI. The main game is lotto and I think there is no need to have modern look because lotto game is simple but of course they can change it too make more attractive although I believe that most lotto players prefer to play lotto in a site with simple UI.

How can it be risky if the commission is based on net loss of the affiliate? There are some casinos that offers up to 70% commission based on the same thing (net loss). I do even think that this kind of affiliate is the safest for the casino because there is no way that will spend money from their own pocket since the casino take it from user's loss only.

To be fair, I love the idea of new crypto casinos that carry the old pride, that look like bustabit, bustadice, frebitco and other old websites but you really have to get away with pixel art. I think that a slightly more modern website would be better because the current UI is too childish and isn't very attractive. I don't know what others think but at least for me it's like this. Btw your affiliate terms are amazing, 20% of the net loss sounds great but isn't that too risky for you?

That's easy! I think... There are only two main colors on your site: yellow and black. Just invert them. Then use dark gray for the background (instead of white), and I think it will look fine.

3751 bets and counting for today!