Pages:
Author

Topic: Miners, You Should Be Earning 7% Fixed Income With Options - page 6. (Read 10909 times)

member
Activity: 112
Merit: 10
Wow... talk about not understanding security.  This post alone scares me away from this venture.

Hint: Security questions are not 2FA.
Hint: 6 characters are not enough.

@Inaba: Asking for a second item for authentication is indeed a second factor.

I didn't say it's what is typically used. It's true that stronger TFA would include something in another category, such as something physical the user has.

Second, security involves context. You say 6 characters are not enough. But it what context? You are saying you know a way to crack a password that is a random 6 characters of upper and lowercase letters, numbers and symbols in no more than 7 tries?
member
Activity: 112
Merit: 10
@lemonz: I'm happy to discuss and clarify security procedures Smiley

First, I have to say I didn't directly address @Stephen Gornick's password concern. He stated he only feels secure with a password length at least 12 characters.

This stems from incomplete information about secure passwords. He may have heard a longer password is more secure, and this is generally true, but what's missing is when it makes a difference to use a very long password.

It only makes a difference if the attack method is brute force. If you are trying to secure your computer's hard drive with TrueCrypt because you don't want the government or anybody else to be able to access the files then yes password length becomes an issue. That's because the attacker/cracker is working mathematics against you, betting he can use pure computing power to brute force crack the password and thus password entropy becomes an issue. A 12 character password versus a 50 character password can mean the difference between them succeeding in 10-20 years or not for at least 100 years.

But that's not the use case here. As I mentioned brute force attacks are not available to attackers because we only allow 7 tries. That's it. It doesn't matter how strong the attacker's computer is, or number of EC2 instances (which cost money by the way) they have. It takes pure luck to get the password correctly guessed in 7 tries. It is simply a statistical impossibility.
______

Last, you mention users writing down their password, possibly on their computer. It's true that a password is only as secure as the person guarding it. For example, the article I linked explained a top vulnerability being simply asking a user (in relation to something else) what it is.

And still nothing is vulnerable to a malware installed keylogger, whether the user creates a super strong password themselves or not. And whether or not they are careful with it or not (memorized only etc.).

That's why we include two-factor authentication. Even a completely compromised password will not guarantee account access.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Security experts agree a password at least 6 characters long with a mixture of upper and lowercase letters numbers and symbols is very secure.
No. Nno. nononononononooooooooo. NO!

Let me guess. You are using MD5 to store passwords, yes? Because some site said it was secure?
legendary
Activity: 1260
Merit: 1000
Our site is highly secure. Security experts agree a password at least 6 characters long with a mixture of upper and lowercase letters numbers and symbols is very secure. Our generated passwords meet this criteria, but are at least 8 characters long. Such a password is impossible to guess.

There are two other things that make this secure: 1) The site allows only 7 login attempts before locking the user out so brute force attacks won't work. (otherwise brute forcing would take over 200 years to crack) 2) We use two-factor authentication which means an intruder must not only get the password right, but also your security answer to your security question.

If interested please also check out this informative article on password security:

http://www.baekdal.com/insights/password-security-usability

We don't allow users to set their own password to ensure they don't use a weak one, and also to ensure it's not duplicated from their other Web accounts. You may have heard LinkedIn and Last.fm databases with passwords were recently hacked. This makes all user online accounts vulnerable if they used the same password.

Wow... talk about not understanding security.  This post alone scares me away from this venture.

Hint: Security questions are not 2FA.
Hint: 6 characters are not enough.
newbie
Activity: 32
Merit: 0
I understand where you are coming from, and I'm not saying whether it's right or wrong.  But I do have a couple comments:

1) The site allows only 7 login attempts before locking the user out so brute force attacks won't work. (otherwise brute forcing would take over 200 years to crack)

Stephen's concern might stem from the security of your database, not the threat of a brute force.  Let's say you're hashing the passwords (which I hope you are, with two salts) and someone gains access to your hosting server.  Your salts and methods are now known and you're safe in the mindset that it would take 200 years for a powerful computer to crack it, while the hacker has spawned several thousand EC2 instances and has cracked half your database in less time that it takes for you to even detect the intrusion.

We don't allow users to set their own password to ensure they don't use a weak one, and also to ensure it's not duplicated from their other Web accounts.

You are causing users to write down (or worse, save in a text file on their desktop / in their email) this password.  Also, you can not guarantee that users will not set other accounts to the same password as yours.  You security is now only as strong as your user's personal computer / email address.

I really like the idea of the site it's easy to read and I get the information I'm looking for immediately, and I commend you for your position on trying to protect users from themselves.  However I'm not convinced you're going about it the right way.  You might find it more user friendly to just enforce password restrictions (length / alphanumeric / symbols and any other rules) and call it a day.
sr. member
Activity: 252
Merit: 250
Inactive


Excellent new service.
member
Activity: 112
Merit: 10
It only generates a password,  I cannot set the password myself.  it is a ... 9 character password.

For sites where my funds are stored, I only trust as being strong a 12 character or more password, which I create using KeePass.

Can't I be trusted to provide my own password?

Our site is highly secure. Security experts agree a password at least 6 characters long with a mixture of upper and lowercase letters numbers and symbols is very secure. Our generated passwords meet this criteria, but are at least 8 characters long. Such a password is impossible to guess.

There are two other things that make this secure: 1) The site allows only 7 login attempts before locking the user out so brute force attacks won't work. (otherwise brute forcing would take over 200 years to crack) 2) We use two-factor authentication which means an intruder must not only get the password right, but also your security answer to your security question.

If interested please also check out this informative article on password security:

http://www.baekdal.com/insights/password-security-usability

We don't allow users to set their own password to ensure they don't use a weak one, and also to ensure it's not duplicated from their other Web accounts. You may have heard LinkedIn and Last.fm databases with passwords were recently hacked. This makes all user online accounts vulnerable if they used the same password.
legendary
Activity: 2506
Merit: 1010
It only generates a password,  I cannot set the password myself.  it is a ... 9 character password.

For sites where my funds are stored, I only trust as being strong a 12 character or more password, which I create using KeePass.

Can't I be trusted to provide my own password?


 
member
Activity: 112
Merit: 10
Hmm, can't I just say trust me it works! Wink

Seriously, options are hard to understand in depth, but I'll try to give the basics. Below is the option example given on our site:

Imagine a home buyer finds the perfect house for $300,000, but his loan won't be approved for one month. The house seller might write an option contract giving the potential buyer the right to buy the house for $300,000 one month later if he so chooses. The house seller sells this for $1,000, figuring he wins either way because he wants to sell the house. The buyer gladly pays $1,000 for the contract locking in the price.

Three weeks pass and the buyer learns his loan is declined, but the house he holds the option contract to has doubled in value to $600,000. This means his contract is worth $300,000 of savings to someone, and he can sell it for a tremendous profit. This can show the power of options.

Call and Put Options

A call option gives the holder the right (but not obligation) to buy the underlying asset at a set price. A contract holder will likely exercise this right if the market value of the asset is at or above the contract or "strike" price at maturity.

A put option gives the holder the right to sell the underlying asset at a set price. Put options are likely exercised if the market value of the asset is at or below the strike price at maturity.
_________________________________

Okay, so that's the basics for options. Now, in terms of finance and Wall Street we use terms like "in the money", "covered" etc.

You have to understand options in Wall Street finance are traded mostly for speculation, not investment, and you get these shortened phrases like "writing a covered call". Writing an option means you are the person creating the contract. The option is "covered" if you also own the underlying asset of the contract.

This is what miners should do, because it is a risk free way to make money.

Think of the home owner in the example above. Do you think it was wise for him to write the option contract and pocket the $1,000 since he planned on selling the house anyway? Of course it was. His only downside was not predicting his house value would double. Of course, the value could have went down too, but in that case he looks even smarter because he still has the $1,000 plus the house which he can still sell later.

Now, imagine he is actually a home builder and will be in this situation every single month. Doesn't it make sense for him to write and sell option contracts for added fixed income? It does from a mathematical point of view if prices rise and fall (he keeps the option proceeds either way). He only loses out if the home values always increase substantially and never drop.

Make sense?

BTW in-the-money means the contract holder has a positive position because the market value of the asset is above the strike price of the contract. In the example above the option on the home is in-the-money from the time it's written on forward since it never goes below $300,000.
hero member
Activity: 632
Merit: 500
I agree with the above miners. If you could use C++ or at least PHP to explain it, it would be great!  Grin
legendary
Activity: 1400
Merit: 1000
I owe my soul to the Bitcoin code...
Exactly. I am a hardware guy not a finance guy. Walk me through the math and we'll see if its interesting.
hero member
Activity: 642
Merit: 500
If you want to appeal to miners, many of whom are not traders, and many of whom are not native English speakers, you might want to start by explaining the terminology. What is a call, what is covered,what does "in the money" mean, etc.
member
Activity: 112
Merit: 10
Hi Miners,

BitcoinOPX.com has recently opened and I wanted to make sure everyone knows of a risk free way to earn 7%, for example, monthly returns on your coins.

This is possible because of the value options provide asset holders who are most likely planning to sell. Below is a great example provided by forum user waltmarkers in a speculation thread:

Actually, I disagree - this could be the perfect vehicle for miners and other bitcoin holders. Covered calls in the money at inception are a great way for the bitcoin owner to make a fixed short term income based on their long term position.

For example.

I want to "lend" 1000 coins.

Current price is 5.75.

I issue a 1000 call at a strike price of 5.50  for 0.635 per coin or a $635 contract price for 28 days from now.

If bitcoin goes up past 6.135, I lose my coins, but I get $5500 plus the contract price of $635. Basically I locked in a sell price of $6.15  (7% monthly return)

If bitcoin is between 5.50 and 6.135, and the contract is exercised, I still get the $6,135. I effective sold at $6.15. (7% monthly return)

If bitcoin goes below 5.50, contract is not exercised. I keep my 1000 coins plus I now have an extra $635 I can pocket or buy more coins with.

We don't need one market maker, we need a group of miners to use covered calls.

BTW - why would someone want to buy a call already in the money? 1. They would like to speculate the coins are going up past the 6.15 with out buying a single coin. 2. They are selling coins lent to them to convert to fiat for a purchase, and want to ensure they can pay their loan in bitcoin later.

This has been your friendly neighborhood covered call lesson.

@waltmarkers: I completely agree. Thanks for that textbook example of the advantage of writing covered calls as applied to Bitcoin.

I would add a 3rd reason for someone wanting to buy a call already in the money: As I noted above options can provide leverage. If a person believes the price is heading to $7.00 for example and has $635 they can either buy the option you mentioned or buy bitcoins directly. If they buy bitcoins directly at the current price of $5.75 they can afford 110 bitcoins. Multiplying that by the difference gives 110 x $1.25 = $138.00 is the maximum they could profit from that price move.

However, buying your option at $635 yields 1000 x 1.50 = $1500, then subtracting the $635 = $865 of profit they could make. Quite a difference. More risky, of course, but no comparison in terms of profit potential.

Perhaps I should be explaining this to the miners...  Wink



The example uses 1000 coins but BitcoinOPX allows creating options of sizes 10 or 100 as well. The 7% return would apply in any case. I'm happy to answer any questions. Smiley
Pages:
Jump to: