Lock old user accounts | Bitcointalksearch.org

grue

legendary

Activity: 2058

Merit: 1452

+1 for email verification
-1 for manual mod reactivation, because it's too much of a hassle
-1 for the BTC address idea, because it links forum accounts to wallets, which may become corrupt, or lost. Not to mention the possible incompatibility with 3rd party clients.

Quote from: mc_lovin on July 02, 2012, 12:02:50 AM

I would say at the very worst, after an account hasn't been logged into in 3 months, reset it so that they need to do email activation to use the account again... But even that would be tricky to set up, and I think it should be an opt-in feature instead of default.

that kills the whole point. the purpose is to ensure ignorant users' accounts can't be used by scammers. Do you think ignorant users are going to opt-in to any feature?

Quote from: malevolent on July 02, 2012, 03:33:21 PM

Quote from: Maged on July 02, 2012, 12:50:02 PM

Quote from: bulanula on July 02, 2012, 12:20:37 PM

How about locking satoshi's account too ?

We already have, but for unrelated reasons.

Are you afraid someone manages to hack into his account (0day exploit in SMF, gueesses pwd, whatevah) and impersonate him?

this actually happened. that's how the db got leaked.

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

Quote from: malevolent on July 02, 2012, 03:33:21 PM

Quote from: Maged on July 02, 2012, 12:50:02 PM

Quote from: bulanula on July 02, 2012, 12:20:37 PM

How about locking satoshi's account too ?

We already have, but for unrelated reasons.

Are you afraid someone manages to hack into his account (0day exploit in SMF, gueesses pwd, whatevah) and impersonate him?

That much should be obvious. If he comes back, he could use his GPG key to sign a message asking for his account to be unlocked.

malevolent

legendary

Activity: 3472

Merit: 1722

Quote from: Maged on July 02, 2012, 12:50:02 PM

Quote from: bulanula on July 02, 2012, 12:20:37 PM

How about locking satoshi's account too ?

We already have, but for unrelated reasons.

Are you afraid someone manages to hack into his account (0day exploit in SMF, gueesses pwd, whatevah) and impersonate him?

Maged

legendary

Activity: 1204

Merit: 1015

Quote from: bulanula on July 02, 2012, 12:57:18 PM

Quote from: Maged on July 02, 2012, 12:50:02 PM

Quote from: bulanula on July 02, 2012, 12:20:37 PM

How about locking satoshi's account too ?

We already have, but for unrelated reasons.

What if he decides to come back ?

Seems a bit harsh ... not convinced he really died or something.

He still has his GPG key, as well as at least Gavin's contact information.

bulanula

hero member

Activity: 518

Merit: 500

Quote from: Maged on July 02, 2012, 12:50:02 PM

Quote from: bulanula on July 02, 2012, 12:20:37 PM

How about locking satoshi's account too ?

We already have, but for unrelated reasons.

What if he decides to come back ?

Seems a bit harsh ... not convinced he really died or something.

Maged

legendary

Activity: 1204

Merit: 1015

Quote from: bulanula on July 02, 2012, 12:20:37 PM

How about locking satoshi's account too ?

We already have, but for unrelated reasons.

bulanula

hero member

Activity: 518

Merit: 500

Quote from: TehZomB on July 02, 2012, 12:52:54 AM

I respectfully disagree.
I was thrilled when I found that, after registering and not using my account here for eight or so months, I didn't have to get out of "newbie jail" (that wasn't a thing when I registered).

Going by the SKEWED mentality of the "lock user account" supporters in this thread, I would say you are going to scam somebody in the next month.

You are not probably going to scam anyone.

Don't lock any accounts.

How about locking satoshi's account too ?

TehZomB

sr. member

Activity: 294

Merit: 250

I respectfully disagree.
I was thrilled when I found that, after registering and not using my account here for eight or so months, I didn't have to get out of "newbie jail" (that wasn't a thing when I registered).

mc_lovin

legendary

Activity: 1190

Merit: 1000

www.bitcointrading.com

I would say at the very worst, after an account hasn't been logged into in 3 months, reset it so that they need to do email activation to use the account again... But even that would be tricky to set up, and I think it should be an opt-in feature instead of default.

Bitsky

hero member

Activity: 576

Merit: 514

Quote from: bulanula on June 29, 2012, 07:55:23 AM

Very funny personal attack. Locking accounts at random because they did not have time to log in = genius policy.

You worked hard to get this tag, along with 22.5btc, so you've got to live with it.
Also the locks won't happen randomly, but after a defined time and with a redirect to an explanation.

Quote from: bulanula on June 29, 2012, 07:55:23 AM

Use escrow and you are safe ... but some just want / beg to get scammed !

So how does an escrow protect you from someone who just keeps the money lent to him?
Like in this case: https://bitcointalksearch.org/topic/m.982776

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: Bitsky on June 29, 2012, 03:23:38 AM

It looks like quite a few members here got scammed by people who managed to get access to abandoned accounts, most likely because they used the same password on multiple sites.

If only there was some authentication method that could be used when doing over the counter trading like this. Cheesy

- http://webchat.freenode.net/?channels=#bitcoin-otc-foyer
- http://bitcoin-otc.com/viewratings.php
- http://wiki.bitcoin-otc.com/wiki/GPG_authentication

bulanula

hero member

Activity: 518

Merit: 500

Quote from: Bitsky on June 29, 2012, 07:48:35 AM

Quote from: bulanula on June 29, 2012, 07:25:22 AM

Does not mean that you should lock the account mate.

That is not nice for people that don't even have any idea why the account is locked nor can find out why.

-1 for this policy.

Well, with that tag below your username, I'm not really surprised that you don't like my suggestion.

Of course you can let people know why the account is locked. Just redirect them to a page explaining why and what to do about it when they try to log in.
An email verification or a signed message isn't really that much work if you can't be bothered to log in at least once every month or two.
With such a policy, threads like this one would not exist: https://bitcointalksearch.org/topic/m.982776
The lender would still have his 55btc.

Very funny personal attack. Locking accounts at random because they did not have time to log in = genius policy.

How about being SMART and not getting scammed like a sheep for a start ?

Anybody not doing due diligence and handing over $$$ to strangers on the Net deserve to be scammed by me.

Use escrow and you are safe ... but some just want / beg to get scammed !

Bitsky

hero member

Activity: 576

Merit: 514

Quote from: bulanula on June 29, 2012, 07:25:22 AM

Does not mean that you should lock the account mate.

That is not nice for people that don't even have any idea why the account is locked nor can find out why.

-1 for this policy.

Well, with that tag below your username, I'm not really surprised that you don't like my suggestion.

Of course you can let people know why the account is locked. Just redirect them to a page explaining why and what to do about it when they try to log in.
An email verification or a signed message isn't really that much work if you can't be bothered to log in at least once every month or two.
With such a policy, threads like this one would not exist: https://bitcointalksearch.org/topic/m.982776
The lender would still have his 55btc.

Kluge

donator

Activity: 1218

Merit: 1015

Going by past experience, it is indeed much more likely than an individual's computer/email being cracked that a server's db was accessed without authorization, as happened when MtGox was compromised, and a flood of old users who used the same credentials had their forum account compromised as a result. I would think it reasonable to have them simply sent a confirmation email before being allowed to log in if it has been over 30 days since they last logged in. Simple email verification, minimal headache. ... If it's not too much of a headache to implement.

Identity theft on this forum should be taken very seriously. It should be more stringent than the "typical" forum. She don't look like much, but is competent-enough to facilitate tens of thousands of dollars worth of transactions every week (I'm guessing). After the flood of ID thieves post-Gox-GOXing, I think most members have the sense to check post history to look specifically for when that user last made a post before entering into a transaction, though newbies probably aren't aware. Having one's first transaction be a scam may be enough to push them out of interest in Bitcoin forever.

bulanula

hero member

Activity: 518

Merit: 500

Quote from: Bitsky on June 29, 2012, 03:23:38 AM

It looks like quite a few members here got scammed by people who managed to get access to abandoned accounts, most likely because they used the same password on multiple sites.
Especially if the accounts belong to users with more than 100-200 postings, others trust them more than newbie accounts, what makes the scam easier to pull off.

There should be a "max days between logins" limit, after which an account gets locked and need to be manually enabled again by a mod. Either by sending a new password to the registration mail (which could be hacked too however), or by having the member sign a message with the btc address in the sig (if available; perhaps make providing a btc address mandatory), or by giving hints about who they sent PM's to.

If someone doesn't log in at least once every 30-60 days, he hasn't much interest in Bitcoin at all.

Does not mean that you should lock the account mate.

That is not nice for people that don't even have any idea why the account is locked nor can find out why.

-1 for this policy.

Bitsky

hero member

Activity: 576

Merit: 514

It looks like quite a few members here got scammed by people who managed to get access to abandoned accounts, most likely because they used the same password on multiple sites.
Especially if the accounts belong to users with more than 100-200 postings, others trust them more than newbie accounts, what makes the scam easier to pull off.

There should be a "max days between logins" limit, after which an account gets locked and need to be manually enabled again by a mod. Either by sending a new password to the registration mail (which could be hacked too however), or by having the member sign a message with the btc address in the sig (if available; perhaps make providing a btc address mandatory), or by giving hints about who they sent PM's to.

If someone doesn't log in at least once every 30-60 days, he hasn't much interest in Bitcoin at all.

Topic: Lock old user accounts (Read 1719 times)