Author

Topic: Never trust BTCT.CO 's FAQ about GAuth! (Read 3707 times)

full member
Activity: 196
Merit: 100
I love Bitcoin
September 23, 2013, 03:46:41 AM
#18
Oh Dear the btct.co site is shutting down!!
I said in btc world 1 month means 1 year!

So what can I do with all my assets!!

Burnside ,please reset the gauth , please!


hi, i think your have timing problem with smartphone, you can sync your phone time to automatically. after that the GA can be use..
full member
Activity: 159
Merit: 100
Winter is coming
September 23, 2013, 03:34:02 AM
#17
Oh Dear the btct.co site is shutting down!!
I said in btc world 1 month means 1 year!

So what can I do with all my assets!!

Burnside ,please reset the gauth , please!
full member
Activity: 159
Merit: 100
Winter is coming
September 22, 2013, 07:05:41 PM
#16
Hey, just wanted to apologize for the typo in the gAuth FAQ.  It was written up prior to several changes I made to the 2FA setup interface.  It's updated now.

Deprived is right.  Proving that you are John Smith doesn't help when trying to claim an account because I don't know that the account belonged to John Smith in the first place.

Same goes for signing addresses.  I have no way of knowing if a wallet is compromised.

Ugh.  Sad



Apologies means nothing without action.
full member
Activity: 159
Merit: 100
Winter is coming
September 20, 2013, 12:14:01 PM
#15
Many thanks ,dude!

member
Activity: 77
Merit: 10
A Colt Crossed the River
September 20, 2013, 12:01:25 PM
#14
Hey, just wanted to apologize for the typo in the gAuth FAQ.  It was written up prior to several changes I made to the 2FA setup interface.  It's updated now.

Deprived is right.  Proving that you are John Smith doesn't help when trying to claim an account because I don't know that the account belonged to John Smith in the first place.

Same goes for signing addresses.  I have no way of knowing if a wallet is compromised.

Ugh.  Sad



burnside, would you please do me a favor? I have sent you several forum messages but got no reply.


We have added several btct.co tickers on the main page and price info page of btc123.com which is the most popular bitcoin web directory and price info website amoung Chinese bitcoin communities. However we have encountered an issue that server often cannot get ticker from btct.co API, it seems that btct.co is running properly but the firewall or cdn used by btct.co has blocked the server IP of btc123.com (usually the block time lasts for 8-12 hours)

You can see the stocks ticker info on page : http://z.btc123.com (this is the price info page ) and  http://www.btc123.com (main page)

Would you please help check the issue and if necessary kindly add btc123's server ip to the whitelist of the firewall?

(btc123 server's IP is 124.232.145.204)

Many thanks!
hero member
Activity: 968
Merit: 515
September 20, 2013, 11:48:51 AM
#13
Quote
Burnside, do you consider adding the possibility to link your phone number to the exchange? Would it provide a valid recovery method?
That would nice. The 30 days waiting period is not the best way.
member
Activity: 77
Merit: 10
A Colt Crossed the River
September 20, 2013, 11:39:57 AM
#12
Hey, just wanted to apologize for the typo in the gAuth FAQ.  It was written up prior to several changes I made to the 2FA setup interface.  It's updated now.

Deprived is right.  Proving that you are John Smith doesn't help when trying to claim an account because I don't know that the account belonged to John Smith in the first place.

Same goes for signing addresses.  I have no way of knowing if a wallet is compromised.

Ugh.  Sad



Please do something.
I have placed a ticket in btct support system, and i got no reply.
I also pmed you in this forum and also got no reply.

I still have access in btct.co, I requested a GA reset just now, using my registered email address, Sure you may say that's not enough;
I can using the same name in this forum as btct .co, also you may say that's not relate to btct.
I can sign the adress, my locked withdrawal address, yah , you may say that may be compromised.

You should have some other option, to let me shorten the 30 day period. In bitcoin world, 30 days just as long as a year in true world.

I'm an active btc player in Chinese bitcoin world, I had face to face contact with some friends you may know in this forum , that may prove the whole thing if you want more proof.

Just tell me what I can do, because I did the action following what the official FAQ listed in btct.co. I belived in them before.



I can prove what caoxg said is real if it can do some help to him. He is a friend of mine.

I am the webmaster of btc123.com , a well-known bitcoin website directory in Chinese bitcoin community.
full member
Activity: 159
Merit: 100
Winter is coming
September 20, 2013, 09:52:06 AM
#11
Hey, just wanted to apologize for the typo in the gAuth FAQ.  It was written up prior to several changes I made to the 2FA setup interface.  It's updated now.

Deprived is right.  Proving that you are John Smith doesn't help when trying to claim an account because I don't know that the account belonged to John Smith in the first place.

Same goes for signing addresses.  I have no way of knowing if a wallet is compromised.

Ugh.  Sad



Please do something.
I have placed a ticket in btct support system, and i got no reply.
I also pmed you in this forum and also got no reply.

I still have access in btct.co, I requested a GA reset just now, using my registered email address, Sure you may say that's not enough;
I can using the same name in this forum as btct .co, also you may say that's not relate to btct.
I can sign the adress, my locked withdrawal address, yah , you may say that may be compromised.

You should have some other option, to let me shorten the 30 day period. In bitcoin world, 30 days just as long as a year in true world.

I'm an active btc player in Chinese bitcoin world, I had face to face contact with some friends you may know in this forum , that may prove the whole thing if you want more proof.

Just tell me what I can do, because I did the action following what the official FAQ listed in btct.co. I belived in them before.

full member
Activity: 191
Merit: 100
September 20, 2013, 04:15:33 AM
#10
Burnside, do you consider adding the possibility to link your phone number to the exchange? Would it provide a valid recovery method?
legendary
Activity: 1106
Merit: 1006
Lead Blockchain Developer
September 20, 2013, 02:35:41 AM
#9
Hey, just wanted to apologize for the typo in the gAuth FAQ.  It was written up prior to several changes I made to the 2FA setup interface.  It's updated now.

Deprived is right.  Proving that you are John Smith doesn't help when trying to claim an account because I don't know that the account belonged to John Smith in the first place.

Same goes for signing addresses.  I have no way of knowing if a wallet is compromised.

Ugh.  Sad

sr. member
Activity: 245
Merit: 250
September 19, 2013, 09:37:00 AM
#8
Couldn't he just verify by sending a specific amount from that address??
vip
Activity: 812
Merit: 1000
13
September 19, 2013, 09:34:19 AM
#7
It's not a lot of use proving you're MR X unless burnside had already accepted that MR X owned the account in question.

That's why the guarantor signs a statement of ownership and not a statement of identity (although such a letter would naturally include your identity). It means you provide proof of your ownership i.e. you sign a message with the withdrawal address. I completely agree that without accepting that MR X owns the account in question it would be ludicrous to turn it over to him simply because he proves he has an identity.

I wouldn't be surprised if ignoring such a letter would open you to some kind of civil suit in most parts of the world.
hero member
Activity: 532
Merit: 500
September 18, 2013, 11:10:05 PM
#6
I really believe my head was hit by a ton of bricks to do this silly thing .

I still cannot forgive myself.



The 30 days is there to protect you, because someone who steals your wallet could check blockchain.info and start e-mailing exchanges asking for a password reset. 30 days is so if you did get hacked, you have plenty of time to contact burnside (and everyone else) and explain what happened.

If you have a lot of money and a lawyer or doctor friend, getting your account back immediately is trivial. Just have your lawyer or doctor friend guarantee the statement of ownership. Just write a photo-letter to burnside -- the guarantor must write a declaration "I certify this to be a true likeness of (name)" and sign the back of the letter, and sign and date the photo. A scan or fax will be sufficient, because burnside can then contact the individual independently to verify what you have given him is true. I expect burnside would charge a fee for this service but I can't see any reasonable reason he would decline the process. Then again it isn't exactly standard procedure in the world of bitcoin finance.

p.s. if you can't find a lawyer, traditionally accepted alternates fall along the lines of dentist, judge, police officer, mayor or notary public or above, or the signing officer or president of a bank.

It's not a lot of use proving you're MR X unless burnside had already accepted that MR X owned the account in question.  Everyone actually has an identity that they can prove is them - the problem is proving that identity is the one that owns the account.

I'd certainly hope that noone who produced a letter from lawyer, doctor or whatever could take control of MY funds just because they had convincing proof that they had a name.  What you refer to is acceptable proof of proving an identity (and only in the same country) - and has nothing to do with determining ownership of an asset where the owner's identity was not previously established.  Or do you really believe that knowing a doctor/lawyer (or someone willing to pass themself off as one) is good grounds for taking ownership of things where no identity of the owner had previously been declared?
vip
Activity: 812
Merit: 1000
13
September 18, 2013, 10:40:31 PM
#5
I really believe my head was hit by a ton of bricks to do this silly thing .

I still cannot forgive myself.



The 30 days is there to protect you, because someone who steals your wallet could check blockchain.info and start e-mailing exchanges asking for a password reset. 30 days is so if you did get hacked, you have plenty of time to contact burnside (and everyone else) and explain what happened.

If you have a lot of money and a lawyer or doctor friend, getting your account back immediately is trivial. Just have your lawyer or doctor friend guarantee the statement of ownership. Just write a photo-letter to burnside -- the guarantor must write a declaration "I certify this to be a true likeness of (name)" and sign the back of the letter, and sign and date the photo. A scan or fax will be sufficient, because burnside can then contact the individual independently to verify what you have given him is true. I expect burnside would charge a fee for this service but I can't see any reasonable reason he would decline the process. Then again it isn't exactly standard procedure in the world of bitcoin finance.

p.s. if you can't find a lawyer, traditionally accepted alternates fall along the lines of dentist, judge, police officer, mayor or notary public or above, or the signing officer or president of a bank.
full member
Activity: 159
Merit: 100
Winter is coming
September 18, 2013, 10:08:15 PM
#4
I really believe my head was hit by a ton of bricks to do this silly thing .

I still cannot forgive myself.

hero member
Activity: 532
Merit: 500
September 18, 2013, 10:02:11 PM
#3
I followed btct.co's faq about gauth just now:


Quote
Codes from Google Authenticator not working after phone reset

If you recently reset or wiped your phone, the Google Authenticator app might not be able to generate valid codes. To get your Google Authenticator app working again, you will need to delete your account from the app, turn off 2-step verification, turn it back on, and add your account to the app again.

Open the Google Authenticator app on your phone.
Delete your account from the app.
Press and hold the account you want to delete, then tap Delete on the dialog box that pops up.
Go to your 2-step verification settings page and rescan your QR Code.


Yes I silly believed the offical FAQ should work ,and I deleted my btct.co account from google authenticator!
and ,where can I 'Go to your 2-step verification settings page and rescan your QR code?'

the 'change gauth settings' button in 'Account -> Google authenticator' menu seems broken, it just jump back to account homepage.

Now I cannot do any transactions in BTCT!
If I choose to reset my Gauth in btct, I'll be locked for 30 days!!!

Totally FAIL!






If your GA was working fine why would you conceivably believe deleting the code from GA before disabling authentication on the server was sensible?

I mean if you wanted to change your password on a site and the FAQ said "repeatedly hitting yourself in the head with a brick can help you forget the old password" I'd still have some doubts over whether forgetting the old password was actually a useful objective to aim for and would, at a minimum, ensure I changed the password to a new one (that I could remember) before smacking myself in the head with a lump of masonry.

Similarly, if a site told me how to delete my GA details I'd disable the need for those details before actually making any effort to delete them.
full member
Activity: 159
Merit: 100
Winter is coming
September 18, 2013, 10:00:16 PM
#2
I simply can't understand why they need to lock for 30 days?
A very simple sign by my withdrawal address will let burnside know I own the account.
full member
Activity: 159
Merit: 100
Winter is coming
September 18, 2013, 09:56:41 PM
#1
ok, i'll try to discuss with burnside at first.
Jump to: