Topic: Message To Beginners: Do not use Secret Question to reset account - It locks it - page 3. (Read 2897 times)
October 20, 2015, 03:01:45 AM
Afaik secret question was alwayas marked as a security flaw for btctalk account, so the common security measure was to leave it empty.
October 20, 2015, 02:47:05 AM
Wow, great top tip for us...thanks.
Do you know if the Admins are planning to fix this flaw?
Do you know if the Admins are planning to fix this flaw?
The accounts get locked because of the database breach a while back. The security answers and questions were stored in the database as hash that was easier to attack than the (hashed) password itself. Thus the security question offered less security and in order to avoid hijacking of old accounts the locking was implemented. It was not common knowledge at first. To me it seemed the admins tried to use it as honeypot to find out more about the DB breack. As more and more users complained about their locked accounts it became more known, but probably only among those that read meta on a regular basis.
October 20, 2015, 12:08:53 AM
Wow, great top tip for us...thanks.
Do you know if the Admins are planning to fix this flaw?
Do you know if the Admins are planning to fix this flaw?
October 19, 2015, 10:45:45 PM
Just noticed a trend in Meta of people getting locked out of account for resetting and using secret question. It will actually lock your account do to security and you have to get admin and prove ownership, so a pain for you and admins. I'm hoping posting this here will slow the number of these we see in meta.
I take no credit as far as figuring it out read more here : https://bitcointalksearch.org/topic/psa-accounts-will-be-locked-if-the-secret-question-is-used-to-recover-it-1206977
I just figured it would be good to have here and hopefully save a few members some time.
I take no credit as far as figuring it out read more here : https://bitcointalksearch.org/topic/psa-accounts-will-be-locked-if-the-secret-question-is-used-to-recover-it-1206977
I just figured it would be good to have here and hopefully save a few members some time.
Jump to: