poloniex account security | Bitcointalksearch.org

bamboylee

hero member

Activity: 1148

Merit: 504

Quote from: pixie85 on November 16, 2017, 04:44:20 PM

How would you tell your 2fa to someone? I mean you'd have to send them the code every time you request a withdrawal, which would defeat the purpose. I mean the code expires after some time so the thief would have to literally steal your phone (or just the sim card) before hacking into your account and requesting withdrawal. It's much harder to do than hacking an email.

You can share your qr codes to a person and store it to his authenticator. Then he have a copy of your 2FA.

I think OP know the risk of sharing his accounts but I still will not recommend it to him. That is too much risk and the only protection he have left is his email which can be easily hacked or phished.

deadsilent

hero member

Activity: 1148

Merit: 500

Yes, i think it's safe enough. As long as you keep your email a secret. You'll be fine. The final approval for funds to withdraw is thru your email.
But if they have the access to your poloniex account. They can mess with your funds including your coins out there. It could cause you funds to be loss also. So that's not good. So better if you change your password to prevent others from accessing your account unless you want it to be accessed by someone that you gave your account details.

But i suggest, do not share any details of your account. That the smart thing to do. It's hard to trust someone when it comes to money.

mobnepal

legendary

Activity: 1218

Merit: 1006

Quote from: ololo80 on November 14, 2017, 02:43:35 PM

Hi,
I would like to know if i say my account login\password\2fa to another person (for example for trading), can i be sure that he will not be able to withdraw my founds without e-mail access?

It is not safe but I think he can't move funds out of the exchange without email access. But he/she can make nasty moves if there will be misunderstanding between you two and you can easily loss so much or even all you have if he/she will Buy/Sell some shitcoins at ask and bid price which has high price spread like of 10%.

So I will never give access to my account to anyone even not to my brother or best friend.

pixie85

hero member

Activity: 2184

Merit: 531

Quote from: ololo80 on November 14, 2017, 02:43:35 PM

Hi,
I would like to know if i say my account login\password\2fa to another person (for example for trading), can i be sure that he will not be able to withdraw my founds without e-mail access?

It is possible to make direct withdrawal request without e-mail access/confirmation? I know that on polo e-mail confirmation is mandatory.
I know about illiquid tickers scheme, but i'm talk about direct withdrawal.
I would like to know if i'm missing some technical opportunity on the part of the exchange.
Also only me know support freshdesk login\password, if it matters.

I will be glad to any advice

How would you tell your 2fa to someone? I mean you'd have to send them the code every time you request a withdrawal, which would defeat the purpose. I mean the code expires after some time so the thief would have to literally steal your phone (or just the sim card) before hacking into your account and requesting withdrawal. It's much harder to do than hacking an email.

countryfree

legendary

Activity: 3066

Merit: 1047

Your country may be your worst enemy

Poloniex requires email confirmation before any withdrawal. So you're quite safe, but if I were you I would not share my account with anyone. I know I won't ever do that.

swogerino

legendary

Activity: 3318

Merit: 1247

Bitcoin Casino Est. 2013

Quote from: ololo80 on November 14, 2017, 02:43:35 PM

Hi,
I would like to know if i say my account login\password\2fa to another person (for example for trading), can i be sure that he will not be able to withdraw my founds without e-mail access?

It is possible to make direct withdrawal request without e-mail access/confirmation? I know that on polo e-mail confirmation is mandatory.
I know about illiquid tickers scheme, but i'm talk about direct withdrawal.
I would like to know if i'm missing some technical opportunity on the part of the exchange.
Also only me know support freshdesk login\password, if it matters.

I will be glad to any advice

Yes you can be sure that any hacker cannot withdraw anything without your 2fa from google authenticator app from your phone and without knowing your password to your email account as every time you withdraw from polo you have to put the 2fa when withdrawing if enabled and after that you have to click a confirmation link sent to your email account.

Slow death

legendary

Activity: 3164

Merit: 1127

Leading Crypto Sports Betting & Casino Platform

Quote from: ololo80 on November 14, 2017, 02:43:35 PM

It is possible to make direct withdrawal request without e-mail access/confirmation?

No. In times I used polo as I remember whenever I made the withdrawal request I received the confirmation email and without the email I did not withdraw anything, so if you gave your account to someone to make a trade for you (which I do not recommend people do), this person would not make withdrawals.

Remember: do not trust anyone, you never know when a good person becomes a bad person and when an honest person becomes a thief and a liar

Alns

sr. member

Activity: 602

Merit: 250

Poloniex is very safe, you are not going to be hacked in there if you enable your 2fa because it will mean that the hacker will have to pass through a lot of security to withdraw your funds, and if you dont have a considerable amount of money in there, you are not exposed to anything.
I have my 2fa, and everytime that there is a new withdrawal request, i get a new confirmation on my email, this makes me sure that i am never going to be hacked from there.
The only ones who can stole your coins are the ones from Polo, lol.

ololo80

newbie

Activity: 39

Merit: 0

Hi,
I would like to know if i say my account login\password\2fa to another person (for example for trading), can i be sure that he will not be able to withdraw my founds without e-mail access?

It is possible to make direct withdrawal request without e-mail access/confirmation? I know that on polo e-mail confirmation is mandatory.
I know about illiquid tickers scheme, but i'm talk about direct withdrawal.
I would like to know if i'm missing some technical opportunity on the part of the exchange.
Also only me know support freshdesk login\password, if it matters.

I will be glad to any advice

Topic: poloniex account security (Read 313 times)