Also, stop withdrawing coins and dollars immediately! There should be a 24-hour notice for withdrawal. This gives users the chance to review and stop an action if they deem it suspicious. (For users who cry for immediate gratification, force them to use two methods of two-factor authentication at once, charge them a high fee for the added risk, etc.)
Also, the 40K bitcoin withdrawal limit is incredibly dumb. It hasn't matched up with 40K USD for a long time now.
If my security suggestions are dumb, feel free to say why. I am not a security expert but I am very interested in NOT REPEATING the bitcoinica fiasco or the mtgox fiasco or any other fiasco ever again.
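The 24-hour hold with a user cancel window, plus the higher-friction express path proposed above, worked through as an added Python example. This is not code from the post, from Bitcoinica, or from any exchange; the hold length, the 2% express fee, the rule that express withdrawals need two distinct second factors, and the notification/hot-wallet signing hooks are all assumptions made here for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal
from enum import Enum
from typing import Dict, List, Tuple

# Assumed policy parameters, taken from the post's suggestion rather than any real exchange.
HOLD_PERIOD = timedelta(hours=24)           # delay before a normal withdrawal is paid out
EXPRESS_FEE_RATE = Decimal("0.02")          # assumed 2% surcharge for skipping the hold
REQUIRED_EXPRESS_FACTORS = 2                # "two methods of two-factor authentication at once"


class State(Enum):
    PENDING = "pending"
    CANCELLED = "cancelled"
    EXECUTED = "executed"


@dataclass
class Withdrawal:
    wid: int
    account: str
    amount: Decimal
    requested_at: datetime
    release_at: datetime          # earliest time the payout worker may sign and send
    state: State = State.PENDING
    fee: Decimal = Decimal("0")


class WithdrawalQueue:
    """Holds withdrawal requests; nothing leaves the hot wallet until process_due() releases it."""

    def __init__(self) -> None:
        self._next_id = 1
        self.items: Dict[int, Withdrawal] = {}
        self.sent: List[Withdrawal] = []  # what was actually handed to the hot wallet

    def request(self, account: str, amount, now: datetime, *,
                express: bool = False, verified_factors: Tuple[str, ...] = ()) -> Withdrawal:
        amount = Decimal(amount)
        if amount <= 0:
            raise ValueError("amount must be positive")
        if express:
            # Distinct methods (e.g. "totp" and "email"), not the same factor presented twice.
            if len(set(verified_factors)) < REQUIRED_EXPRESS_FACTORS:
                raise PermissionError("express withdrawal needs two distinct second factors")
            fee = (amount * EXPRESS_FEE_RATE).quantize(Decimal("0.00000001"))
            release_at = now                       # no hold: released on the next processing run
        else:
            fee = Decimal("0")
            release_at = now + HOLD_PERIOD         # user gets the hold window to review and cancel
        w = Withdrawal(self._next_id, account, amount, now, release_at, fee=fee)
        self._next_id += 1
        self.items[w.wid] = w
        # A real system would e-mail/SMS the account holder here so they can cancel in time (assumed).
        return w

    def cancel(self, wid: int, now: datetime) -> bool:
        """Cancel a pending withdrawal; only possible before its release time."""
        w = self.items[wid]
        if w.state is not State.PENDING or now >= w.release_at:
            return False
        w.state = State.CANCELLED
        return True

    def process_due(self, now: datetime) -> List[Withdrawal]:
        """Payout worker: release only PENDING items whose hold has elapsed."""
        executed = []
        for w in self.items.values():
            if w.state is State.PENDING and now >= w.release_at:
                w.state = State.EXECUTED
                self.sent.append(w)            # this is where hot-wallet signing would happen (assumed)
                executed.append(w)
        return executed


if __name__ == "__main__":
    q = WithdrawalQueue()
    t0 = datetime(2012, 5, 12, 0, 0)
    w = q.request("alice", "10", t0)
    print("cancelled in window:", q.cancel(w.wid, t0 + timedelta(hours=1)))
    print("paid after 25h:", [x.wid for x in q.process_due(t0 + timedelta(hours=25))])
```

The point of the design is that the cancel path is exercised by the account holder from a notification, while an attacker who has only obtained an API key or server-side credential still has to wait out the hold; the express path is deliberately expensive and requires more than one second factor, so it cannot be used to bypass the hold with a single stolen credential.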
Kiba, while you are correct that EVERYONE should use two-factor... this is not why Bitcoinica was hacked.
Bitcoinica was hacked (this time) because they had their mtgox API key on the server, which the hacker was able to exploit.
I'm not sure if it's possible to do two-factor with the API.