I moved the wallet to Blockchain.info, it's not that I trust my gmail account (and dropbox) is completely safe now but I guess it must be impossible to enter the account after I put up the google key two factor authentication.
blockchain.info is even worse than a desktop client! You computer has been compromized. Moving to blockchain.info won't make things any better.
What you should do is backup essential documents, delete everything on your computer, reinstall the operating system, install anti-malware software like anti-virus apps and scan and restore the backups. Then change your passwords everywhere including your email accounts. As far as bitcoins go you should move all the coins to a new wallet. Make sure you set a password on your new wallet.
At least blockchain.info has 2FA. If he sets it up with his phone number, they would need to have his cell phone in their hands to log into the account.
Not to mention it has IP lock so if you are outside if the set I.P address it wont function.
And a disable TOR IP address option too.
I think all this hoo-har surrounding the blockchain.info 2FA is slightly overblown for the following reason. The 2FA is only required for actions using the site.
Many people back up their wallet file or have it automatically backed-up/emailed to their email by blockchain.info. THIS WALLET FILE IS ENCRYPTED (using your main password) BUT NOT BY 2FA (or blockchain.info's "second password"), which I think many people believe it is.
So all an attacker needs is a copy of this backup file, and your primary password, which apaprently people keep losing.
Just wanted to make that point. I suppose, if your email has a strong password, and 2FA of its own (e.g. gmail), THEN you might be starting to get to somewhere secure.
OP I am interested, I think you mentioned that you are using OS X, right? Also, would you care to divulge your password metadata with us, for example for both your email, dropbox and multibit:
1) were the passwords all different?
2) length of each password?
3) alpha, numerals and symbols (#) in each password
My condolences for your loss too, by the way.
Thank you. Yes, I was using a Mac.
1) No, the passwords for the wallets where the same (I know, stupid me). The passwords for email and Dropbox where different.
2) About 8-10
3) The passwords for the wallets and the email where pretty good: alpha, numerals and symbols. The passwords for Dropbox was just alpha, although it was just a bunch of letters I came up with, not a dictionary word.
Also I turned on 2FA everywhere and changed all the relevant passwords and disabled TOR in blockchaininfo.
But I'm still apprehensive about what you said from the wallet backup from blockchaininfo. I didn't made a backup, I just printed that original wallet access codes. But now I'm a bit paranoid about if it's possible for the hacker to have access to that as well. Any thoughts on that?I think it's really difficult for the hacker to have some backdoor to my computer. It's a Mac, the SO was freshly installed about 1 month ago and it's got no fixed IP address. I still think this has something to do with Dropbox and/or my Gmail account. But to say the truth, now I'm not sure of anything anymore.
