My idea for automation in recovering stolen accounts

alegotardo

legendary

Activity: 2352

Merit: 1121

☢️ alegotardo™️

Quote from: Thirdspace on May 08, 2018, 07:24:55 AM

Quote from: alegotardo on May 07, 2018, 09:49:01 AM

All very simple for the user, easy to implement, automated and secure.
Why not?

as I said before in another thread, I believe theymos doesn't want automation on account recovery
he needs to review case by case and determine if account recovery should be granted

Quote from: alegotardo on May 07, 2018, 10:06:08 AM

See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.

sometimes for certain things automated process is bad and vulnerable to abuse
and doing it manually can discover something that an automated process cannot apprehend

We'll find a middle ground then...

First, the user do it the process automated (described in the first topic), and this triggers an alert for the theymos to will check the request.

So, Theimos isn't wasting time with fake requests and can still analyze if it recovers or not the account, based on its criteria.

Thirdspace

hero member

Activity: 1232

Merit: 738

Mixing reinvented for your privacy | chipmixer.com

Quote from: alegotardo on May 07, 2018, 09:49:01 AM

All very simple for the user, easy to implement, automated and secure.
Why not?

as I said before in another thread, I believe theymos doesn't want automation on account recovery
he needs to review case by case and determine if account recovery should be granted

Quote from: alegotardo on May 07, 2018, 10:06:08 AM

See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.

sometimes for certain things automated process is bad and vulnerable to abuse
and doing it manually can discover something that an automated process cannot apprehend

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: mdayonliner on May 08, 2018, 06:43:03 AM

You know what I think of the reasons for all these account hack and stuffs? Most probably it's for that (.to) phishing site. How come these people do not see that it's not .org it's .to

I fell for it, until I realized I wasn't logged in. The main problem is that Google shows many links to the phishing site, instead of banning them.
I don't normally look at tiny details in the top-bar when I'm just reading websites.

Quote from: LoyceV on January 14, 2018, 09:37:30 AM

I have added this line to /etc/hosts

Code:

127.0.0.1       bitcointalk.to

Now my computer can't access that phishing site anymore.

Now it looks like this:
Loading no phishing screenshot...

mdayonliner

copper member

Activity: 630

Merit: 420

We are Bitcoin!

Quote from: LoyceV on May 08, 2018, 05:54:03 AM

Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

You know what I think of the reasons for all these account hack and stuffs? Most probably it's for that (.to) phishing site. How come these people do not see that it's not .org it's .to

Click here if unable to see image

Please people, wake up!!!

alegotardo

legendary

Activity: 2352

Merit: 1121

☢️ alegotardo™️

Quote from: digaran on May 07, 2018, 09:05:47 PM

Sold accounts not stolen, people should stop selling accounts. you want automate the process to farm and sell accounts industrially and then scam people.

I agree with you, I didn't think that way.
But, don't accuse me of practicing it (I hope it was not your intention).
In any case, if a person buys a bitcointalk account, she needs to f##k herself.

I think this would reduce reduce the sales if the administrator blocks the change of a wallet signature set in the profile.
Whoever buys an account knows that seller can recovery it.

Quote from: antifraud01 on May 07, 2018, 11:27:05 PM

Leave your bitcoin address and signature, this method is still available, but the efficiency of recovery is very low.

I've done this and everyone should do it, the problem lies in the fact that recovery is slow (sometimes impossible).
Apart from the time and hassle that managers spend on recoveries.

Quote from: LoyceV on May 08, 2018, 05:54:03 AM

People have their Bitcoins stolen all the time. If someone can't keep a forum password secure, chances are he'll lose other data too. Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

I've never seen any other forum where so many users lose access to their account. It's your own responsibility to keep your computer secure, Admins are already overloaded in work, and I don't think they want to add more features to the forum just for people who can't keep their password secure. Account recovery doesn't have a high priority.

It's true, the user will never stop being a user, susceptible to hacking, pishing and viruses. It's unfortunate and I agree with you.
And if he is dumb to give even your wallet private key, then he doesn't deserve to have a recovered account.

About the time of admins, I still think they spend much more time recovering these stolen/sold accounts than they would lose if they were to implement this feature.

Anyway...
My idea was to discuss the technical feasibility of a simple feature, but it seems that everyone thinks that the user does not matter, even if the cost is minimal.

Sorry again for my english and excuse my stubbornness Tongue

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: alegotardo on May 07, 2018, 09:49:01 AM

All very simple for the user, easy to implement, automated and secure.
Why not?

People have their Bitcoins stolen all the time. If someone can't keep a forum password secure, chances are he'll lose other data too. Even worse, phishing sites may start abusing this by convincing people to enter their private key. People are already entering their password on fake Bitcointalk (phishing) sites!

I've never seen any other forum where so many users lose access to their account. It's your own responsibility to keep your computer secure, Admins are already overloaded in work, and I don't think they want to add more features to the forum just for people who can't keep their password secure. Account recovery doesn't have a high priority.

antifraud01

newbie

Activity: 21

Merit: 0

Leave your bitcoin address and signature, this method is still available, but the efficiency of recovery is very low.

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

Sold accounts not stolen, people should stop selling accounts. you want automate the process to farm and sell accounts industrially and then scam people.

alegotardo

legendary

Activity: 2352

Merit: 1121

☢️ alegotardo™️

Quote from: mdayonliner on May 07, 2018, 09:57:04 AM

What if you are not using a valid email address? The forum does not have an email verification feature.

Regardless of whether your email is valid or not, you only need the private key of your wallet to reset the password and also the email address of your account. Wink

Quote from: mdayonliner on May 07, 2018, 09:57:04 AM

I had a different proposal to automate the same thing. Click here. I have seen similar proposal from another user too. I guess theymos has his own idea, may be he does not want this to be automated or may be he is looking for a better solution.

In fact it should have, but what is the idea and when will it be implemented?
Daily, numerous users suffer from slow recovery of their accounts Sad

Quote from: mdayonliner on May 07, 2018, 09:57:04 AM

I heard they are working on new forum software so hopefully we will be seeing a solution for this in the new software.

Sincerely,
I already believe more in Santa Claus than in the new forum. Undecided

My idea is good.
See what currently this is the only way to recover a forum, but the process is all manual.
I am proposing the same thing, but in an automated and simple way.

mdayonliner

copper member

Activity: 630

Merit: 420

We are Bitcoin!

What if you are not using a valid email address? The forum does not have an email verification feature.

I had a different proposal to automate the same thing. Click here. I have seen similar proposal from another user too. I guess theymos has his own idea, may be he does not want this to be automated or may be he is looking for a better solution.

I heard they are working on new forum software so hopefully we will be seeing a solution for this in the new software.

alegotardo

legendary

Activity: 2352

Merit: 1121

☢️ alegotardo™️

I've been thinking of an automated way to recover stolen accounts...
And i thought of a simple solution to be implemmented.

The user signs a message only with his nickname (the same as the forum) and fills two fields in the forum: wallet and signature.

The system checks the message based on the entered wallet and nickname of the account and verifies if it checks with the informed signature.

When that user needs to retrieve your account, he accesses a specific link, for example: https://bitcointalk.org/recovery.php
The forum informs a random word and requests the nickname and signature.
The user signs a new message with the word informed and pastes the signature into the forum.
The forum verifies the signature by searching for the wallet stored in the system, corresponding to the nickname informed. If everything is okay, ask for new password and email for the account in question.

All very simple for the user, easy to implement, automated and secure.
Why not?

Sorry for my english

Topic: My idea for automation in recovering stolen accounts (Read 225 times)