Author

Topic: MCXNOW is NOT the most secure exchange (Read 689 times)

legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
September 16, 2013, 04:20:58 AM
#11
A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls


Last time I used Mt.Gox they did NOT have email verification for withdrawals.

This discussion of security doesnt stop at GOX.
legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
September 16, 2013, 04:19:27 AM
#10
A simple feature that forces users of his site to use a relatively long and random password generated on his server's end would fix that user pass problem he is dealing with now (or so he claims).
legendary
Activity: 1073
Merit: 1000
September 16, 2013, 03:48:32 AM
#9
A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls


Last time I used Mt.Gox they did NOT have email verification for withdrawals.
newbie
Activity: 53
Merit: 0
September 16, 2013, 03:47:06 AM
#8
I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts

You are correct in all of that. But why start a thread talking shit when you understand it wasn't his issue?

Like i have stated multiple time. Its advertised as "the most secure" But yet it doesnt take the little extra step to protect its just above brain dead users that others exchanges do

Anyone worried about privacy knows how to use tor and create a Virtually untraceable email
legendary
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
September 16, 2013, 03:41:21 AM
#7
I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts

You are correct in all of that. But why start a thread talking shit when you understand it wasn't his issue?
newbie
Activity: 53
Merit: 0
September 16, 2013, 03:33:57 AM
#6
I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid

But you can to a degree.

If they didnt have users emails they would have been able to do nothing even if they did only if the user used the same password at 3 places would they be affected.

Its still users fault as if you have any money on exchanges you should do your part to protect it.

But too be the most secure you have to protect against stupidity to a certain degree.

MCXNOW might not be "hackable" but less info is required than most sites to hijack users accounts
legendary
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
September 16, 2013, 03:29:20 AM
#5
I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part

Can't protect stupid
newbie
Activity: 53
Merit: 0
September 16, 2013, 03:25:22 AM
#4
I understand all of this. But i feel the securty it provides is something "the most secure exchange" should have. Rant over on my part
legendary
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
September 16, 2013, 03:24:12 AM
#3
A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls

People using the same name/password for every site is not RS's fault
member
Activity: 94
Merit: 10
Operator of mcxNOW | Programmer of MicroCash
September 16, 2013, 03:22:53 AM
#2
2FA is already there, I don't support emails as a second verification method but I do provide google auth. So the fact is mcxNOW does have 2 auth setup, some users don't use it. Not much can be done about this unfortunately.

As of the v2 update I have removed all user emails from the site and stopped requiring them to be entered on sign up. The reason is due to privacy, I feel with coming laws these "paper transactions" of activity at a crypto exchange may be used against people. I advise everyone who uses emails at exchanges to turn off email notifications and use a more secure 2nd auth device like Google Auth or yubikey, etc.
newbie
Activity: 53
Merit: 0
September 16, 2013, 03:17:50 AM
#1
A simple database run from another site gained access to accounts.

But oh what could be done to prevent this?!?!?!

Only something any other respectable exchanges has already implemented......

Email verification for withdrawls
Jump to: