
Topic: Miners, You Should Be Earning 7% Fixed Income With Options - page 6. (Read 10894 times)

member
Activity: 112
Merit: 10
Wow... talk about not understanding security.  This post alone scares me away from this venture.

Hint: Security questions are not 2FA.
Hint: 6 characters are not enough.

@Inaba: Asking for a second item for authentication is indeed a second factor.

I didn't say it's what is typically used. It's true that stronger TFA would include something in another category, such as something physical the user has.

Second, security involves context. You say 6 characters are not enough. But in what context? You are saying you know a way to crack a password that is a random 6 characters of upper and lowercase letters, numbers and symbols in no more than 7 tries?
member
Activity: 112
Merit: 10
@lemonz: I'm happy to discuss and clarify security procedures :)

First, I have to say I didn't directly address @Stephen Gornick's password concern. He stated he only feels secure with a password length at least 12 characters.

This stems from incomplete information about secure passwords. He may have heard a longer password is more secure, and this is generally true, but what's missing is when it makes a difference to use a very long password.

It only makes a difference if the attack method is brute force. If you are trying to secure your computer's hard drive with TrueCrypt because you don't want the government or anybody else to be able to access the files then yes password length becomes an issue. That's because the attacker/cracker is working mathematics against you, betting he can use pure computing power to brute force crack the password and thus password entropy becomes an issue. A 12 character password versus a 50 character password can mean the difference between them succeeding in 10-20 years or not for at least 100 years.

But that's not the use case here. As I mentioned brute force attacks are not available to attackers because we only allow 7 tries. That's it. It doesn't matter how strong the attacker's computer is, or number of EC2 instances (which cost money by the way) they have. It takes pure luck to get the password correctly guessed in 7 tries. It is simply a statistical impossibility.
______

Last, you mention users writing down their password, possibly on their computer. It's true that a password is only as secure as the person guarding it. For example, the article I linked explained a top vulnerability being simply asking a user (in relation to something else) what it is.

And still nothing is vulnerable to a malware installed keylogger, whether the user creates a super strong password themselves or not. And whether or not they are careful with it or not (memorized only etc.).

That's why we include two-factor authentication. Even a completely compromised password will not guarantee account access.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Security experts agree a password at least 6 characters long with a mixture of upper and lowercase letters numbers and symbols is very secure.
No. Nno. nononononononooooooooo. NO!

Let me guess. You are using MD5 to store passwords, yes? Because some site said it was secure?
legendary
Activity: 1260
Merit: 1000
Our site is highly secure. Security experts agree a password at least 6 characters long with a mixture of upper and lowercase letters numbers and symbols is very secure. Our generated passwords meet this criteria, but are at least 8 characters long. Such a password is impossible to guess.

There are two other things that make this secure: 1) The site allows only 7 login attempts before locking the user out so brute force attacks won't work. (otherwise brute forcing would take over 200 years to crack) 2) We use two-factor authentication which means an intruder must not only get the password right, but also your security answer to your security question.

If interested please also check out this informative article on password security:

http://www.baekdal.com/insights/password-security-usability

We don't allow users to set their own password to ensure they don't use a weak one, and also to ensure it's not duplicated from their other Web accounts. You may have heard LinkedIn and Last.fm databases with passwords were recently hacked. This makes all user online accounts vulnerable if they used the same password.

Wow... talk about not understanding security.  This post alone scares me away from this venture.

Hint: Security questions are not 2FA.
Hint: 6 characters are not enough.
newbie
Activity: 32
Merit: 0
I understand where you are coming from, and I'm not saying whether it's right or wrong.  But I do have a couple comments:

1) The site allows only 7 login attempts before locking the user out so brute force attacks won't work. (otherwise brute forcing would take over 200 years to crack)

Stephen's concern might stem from the security of your database, not the threat of a brute force.  Let's say you're hashing the passwords (which I hope you are, with two salts) and someone gains access to your hosting server.  Your salts and methods are now known and you're safe in the mindset that it would take 200 years for a powerful computer to crack it, while the hacker has spawned several thousand EC2 instances and has cracked half your database in less time than it takes for you to even detect the intrusion.

We don't allow users to set their own password to ensure they don't use a weak one, and also to ensure it's not duplicated from their other Web accounts.

You are causing users to write down (or worse, save in a text file on their desktop / in their email) this password.  Also, you cannot guarantee that users will not set other accounts to the same password as yours.  Your security is now only as strong as your user's personal computer / email address.

I really like the idea of the site; it's easy to read and I get the information I'm looking for immediately, and I commend you for your position on trying to protect users from themselves.  However, I'm not convinced you're going about it the right way.  You might find it more user friendly to just enforce password restrictions (length / alphanumeric / symbols and any other rules) and call it a day.
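The distinction raised in the post above, between online guessing capped by the 7-attempt lockout and offline cracking of a stolen hash database, shown as an added example (not code from the site or from any poster). The 94-symbol alphabet, the PBKDF2 work factor and the guess rates are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 7        # lockout threshold quoted in the thread
ALPHABET = 94           # assumption: printable ASCII without space
ITERATIONS = 600_000    # assumption: PBKDF2-HMAC-SHA256 work factor

def hash_password(password, salt=None):
    """Return (salt, digest) with a per-user random salt and a slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

class LoginGate:
    """Online path: the server counts failures and locks the account."""
    def __init__(self):
        self.failures = {}

    def attempt(self, user, password, record):
        if self.failures.get(user, 0) >= MAX_ATTEMPTS:
            return "locked"
        if verify_password(password, *record):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

def online_guess_probability(length):
    """Chance of hitting a random password within the lockout budget."""
    return MAX_ATTEMPTS / ALPHABET ** length

def offline_seconds(length, guesses_per_second):
    """Worst-case exhaustive search once the hash database is stolen;
    the lockout no longer applies, only the cost per guess does."""
    return ALPHABET ** length / guesses_per_second

if __name__ == "__main__":
    FAST, SLOW = 1e10, 1e4   # assumed guesses/s: unsalted fast hash vs. slow KDF
    for n in (6, 8, 9, 12):
        print(n, online_guess_probability(n),
              offline_seconds(n, FAST) / 86400, offline_seconds(n, SLOW) / 86400)
```

The printed columns are password length, online success probability within 7 tries, and worst-case offline search time in days at the two assumed rates.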
sr. member
Activity: 252
Merit: 250
Inactive


Excellent new service.
member
Activity: 112
Merit: 10
It only generates a password,  I cannot set the password myself.  it is a ... 9 character password.

For sites where my funds are stored, I only trust as being strong a 12 character or more password, which I create using KeePass.

Can't I be trusted to provide my own password?

Our site is highly secure. Security experts agree a password at least 6 characters long with a mixture of upper and lowercase letters numbers and symbols is very secure. Our generated passwords meet this criteria, but are at least 8 characters long. Such a password is impossible to guess.

There are two other things that make this secure: 1) The site allows only 7 login attempts before locking the user out so brute force attacks won't work. (otherwise brute forcing would take over 200 years to crack) 2) We use two-factor authentication which means an intruder must not only get the password right, but also your security answer to your security question.

If interested please also check out this informative article on password security:

http://www.baekdal.com/insights/password-security-usability

We don't allow users to set their own password to ensure they don't use a weak one, and also to ensure it's not duplicated from their other Web accounts. You may have heard LinkedIn and Last.fm databases with passwords were recently hacked. This makes all user online accounts vulnerable if they used the same password.
legendary
Activity: 2506
Merit: 1010
It only generates a password,  I cannot set the password myself.  it is a ... 9 character password.

For sites where my funds are stored, I only trust as being strong a 12 character or more password, which I create using KeePass.

Can't I be trusted to provide my own password?


 
member
Activity: 112
Merit: 10
Hmm, can't I just say trust me it works! ;)

Seriously, options are hard to understand in depth, but I'll try to give the basics. Below is the option example given on our site:

Imagine a home buyer finds the perfect house for $300,000, but his loan won't be approved for one month. The house seller might write an option contract giving the potential buyer the right to buy the house for $300,000 one month later if he so chooses. The house seller sells this for $1,000, figuring he wins either way because he wants to sell the house. The buyer gladly pays $1,000 for the contract locking in the price.

Three weeks pass and the buyer learns his loan is declined, but the house he holds the option contract to has doubled in value to $600,000. This means his contract is worth $300,000 of savings to someone, and he can sell it for a tremendous profit. This can show the power of options.

Call and Put Options

A call option gives the holder the right (but not obligation) to buy the underlying asset at a set price. A contract holder will likely exercise this right if the market value of the asset is at or above the contract or "strike" price at maturity.

A put option gives the holder the right to sell the underlying asset at a set price. Put options are likely exercised if the market value of the asset is at or below the strike price at maturity.
_________________________________

Okay, so that's the basics for options. Now, in terms of finance and Wall Street we use terms like "in the money", "covered" etc.

You have to understand options in Wall Street finance are traded mostly for speculation, not investment, and you get these shortened phrases like "writing a covered call". Writing an option means you are the person creating the contract. The option is "covered" if you also own the underlying asset of the contract.

This is what miners should do, because it is a risk free way to make money.

Think of the home owner in the example above. Do you think it was wise for him to write the option contract and pocket the $1,000 since he planned on selling the house anyway? Of course it was. His only downside was not predicting his house value would double. Of course, the value could have gone down too, but in that case he looks even smarter because he still has the $1,000 plus the house which he can still sell later.

Now, imagine he is actually a home builder and will be in this situation every single month. Doesn't it make sense for him to write and sell option contracts for added fixed income? It does from a mathematical point of view if prices rise and fall (he keeps the option proceeds either way). He only loses out if the home values always increase substantially and never drop.

Make sense?

BTW in-the-money means the contract holder has a positive position because the market value of the asset is above the strike price of the contract. In the example above the option on the home is in-the-money from the time it's written on forward since it never goes below $300,000.
hero member
Activity: 632
Merit: 500
I agree with the above miners. If you could use C++ or at least PHP to explain it, it would be great!  :D
legendary
Activity: 1400
Merit: 1000
I owe my soul to the Bitcoin code...
Exactly. I am a hardware guy not a finance guy. Walk me through the math and we'll see if it's interesting.
hero member
Activity: 642
Merit: 500
If you want to appeal to miners, many of whom are not traders, and many of whom are not native English speakers, you might want to start by explaining the terminology. What is a call, what is covered, what does "in the money" mean, etc.
member
Activity: 112
Merit: 10
Hi Miners,

BitcoinOPX.com has recently opened and I wanted to make sure everyone knows of a risk free way to earn 7%, for example, monthly returns on your coins.

This is possible because of the value options provide asset holders who are most likely planning to sell. Below is a great example provided by forum user waltmarkers in a speculation thread:

Actually, I disagree - this could be the perfect vehicle for miners and other bitcoin holders. Covered calls in the money at inception are a great way for the bitcoin owner to make a fixed short term income based on their long term position.

For example.

I want to "lend" 1000 coins.

Current price is 5.75.

I issue a 1000 call at a strike price of 5.50  for 0.635 per coin or a $635 contract price for 28 days from now.

If bitcoin goes up past 6.135, I lose my coins, but I get $5500 plus the contract price of $635. Basically I locked in a sell price of $6.15  (7% monthly return)

If bitcoin is between 5.50 and 6.135, and the contract is exercised, I still get the $6,135. I effectively sold at $6.15. (7% monthly return)

If bitcoin goes below 5.50, contract is not exercised. I keep my 1000 coins plus I now have an extra $635 I can pocket or buy more coins with.

We don't need one market maker, we need a group of miners to use covered calls.

BTW - why would someone want to buy a call already in the money? 1. They would like to speculate the coins are going up past the 6.15 without buying a single coin. 2. They are selling coins lent to them to convert to fiat for a purchase, and want to ensure they can pay their loan in bitcoin later.

This has been your friendly neighborhood covered call lesson.

@waltmarkers: I completely agree. Thanks for that textbook example of the advantage of writing covered calls as applied to Bitcoin.

I would add a 3rd reason for someone wanting to buy a call already in the money: As I noted above options can provide leverage. If a person believes the price is heading to $7.00 for example and has $635 they can either buy the option you mentioned or buy bitcoins directly. If they buy bitcoins directly at the current price of $5.75 they can afford 110 bitcoins. Multiplying that by the difference gives 110 x $1.25 = $138.00 is the maximum they could profit from that price move.

However, buying your option at $635 yields 1000 x 1.50 = $1500, then subtracting the $635 = $865 of profit they could make. Quite a difference. More risky, of course, but no comparison in terms of profit potential.

Perhaps I should be explaining this to the miners...  ;)



The example uses 1000 coins but BitcoinOPX allows creating options of sizes 10 or 100 as well. The 7% return would apply in any case. I'm happy to answer any questions. :)
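The covered-call figures from the quoted example and the leverage comparison in the post above, worked through as an added example (not part of the original post and not BitcoinOPX code). Function names are illustrative, and exercise at or above the strike is assumed, following the call definition given elsewhere in the thread.

```python
from decimal import Decimal as D

def writer_outcome(price, strike, premium, coins):
    """Covered-call writer at expiry: cash in hand, coins still held,
    and the value of both at the expiry price."""
    exercised = price >= strike          # holder exercises at or above the strike
    cash = premium * coins + (strike * coins if exercised else 0)
    kept = 0 if exercised else coins
    return {"exercised": exercised, "cash": cash, "coins": kept,
            "value": cash + kept * price}

def writer_return(spot, strike, premium):
    """Return on the spot value of the coins if the call is exercised."""
    return (strike + premium) / spot - 1

def call_buyer_profit(price, strike, premium, coins):
    """Option holder: intrinsic value at expiry minus the premium paid."""
    return max(price - strike, D(0)) * coins - premium * coins

def spot_buyer_profit(budget, spot, price):
    """Same budget spent on whole coins at spot instead of on the option."""
    return (budget // spot) * (price - spot)

if __name__ == "__main__":
    # Figures from the post: spot 5.75, strike 5.50, premium 0.635, 1000 coins.
    spot, strike, premium, coins = D("5.75"), D("5.50"), D("0.635"), 1000
    for p in (D("4.00"), D("5.80"), D("7.00")):
        print(p, writer_outcome(p, strike, premium, coins))
    # About 6.7% on the 5.75 spot price; the post quotes it as 7%.
    print(writer_return(spot, strike, premium))
    print(call_buyer_profit(D("7.00"), strike, premium, coins))
    print(spot_buyer_profit(premium * coins, spot, D("7.00")))
```

The 4.00 row shows the unexercised case: the writer holds $635 in premium and 1000 coins that are still priced by the market.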