Pages:
Author

Topic: Message To Beginners: Do not use Secret Question to reset account - It locks it - page 3. (Read 2946 times)

legendary
Activity: 3766
Merit: 1742
Join the world-leading crypto sportsbook NOW!
Afaik secret question was alwayas marked as a security flaw for btctalk account, so the common security measure was to leave it empty.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Wow, great top tip for us...thanks.

Do you know if the Admins are planning to fix this flaw?

The accounts get locked because of the database breach a while back. The security answers and questions were stored in the database as hash that was easier to attack than the (hashed) password itself. Thus the security question offered less security and in order to avoid hijacking of old accounts the locking was implemented. It was not common knowledge at first. To me it seemed the admins tried to use it as honeypot to find out more about the DB breack. As more and more users complained about their locked accounts it became more known, but probably only among those that read meta on a regular basis.
sr. member
Activity: 266
Merit: 250
Wow, great top tip for us...thanks.

Do you know if the Admins are planning to fix this flaw?
legendary
Activity: 1456
Merit: 1000
Just noticed a trend in Meta of people getting locked out of account for resetting and using secret question.  It will actually lock your account do to security and you have to get admin and prove ownership, so a pain for you and admins.  I'm hoping posting this here will slow the number of these we see in meta.

I take no credit as far as figuring it out read more here : https://bitcointalksearch.org/topic/psa-accounts-will-be-locked-if-the-secret-question-is-used-to-recover-it-1206977 

I just figured it would be good to have here and hopefully save a few members some time.
Pages:
Jump to: