<...>
Not really, but it hinders your security. Knowing your account’s email can help scammers to create a targeted phishing campaign, or to try to cross-reference with other hacked site black-market information in case you are using the same password. You may also be using a very weak guessable password. Not making your account’s email publicly known mitigates these factors. 
Topic: Protect Your Account (Read 552 times)
You really did this step, but how can our e-mail be hacked only by knowing it, as long as the password is kept securely, can the password be hacked only through the address?
what i would like to suggest to all users here is that you should change your password here from the forum in various intervals and you should also change the password of your e-mail account in the same intervals - so you are actually very protected against account hacks
I think someone already posted detailed instructions on how to make a strong password to avoid getting hack easily. If I'm not mistaken, the OP was GreatArkansas. wait let me post it here so that anyone could also benefit from his old thread.
Here you go: https://bitcointalksearch.org/topic/guide-how-to-create-a-strongsecure-password-5132378
This thread might old but it is something you must know when creating passwords.
How reckless and self-confident do you need to be in order to put your email on public display? It's the same as walking around with the inscription on the T-shirt "Fuck me". These things are basic security fundamentals.
And also, in order to be absolutely sure of your safety, come up with a complex password of 50 characters long. Thats all - you don't have to worry about anything anymore. Your forum account will be completely protected!
And also, in order to be absolutely sure of your safety, come up with a complex password of 50 characters long. Thats all - you don't have to worry about anything anymore. Your forum account will be completely protected!
what i would like to suggest to all users here is that you should change your password here from the forum in various intervals and you should also change the password of your e-mail account in the same intervals - so you are actually very protected against account hacks
This kind of feature has a different purpose still I'm not using this because I want to avoid getting trouble with my emails I know some of the suggestion of the other member that will use other emails not on their main account because this is prone to hackers and other people want to steal your information especially the email. The good thing right here with the use of this is you can send directly to the member you want to do outside to our forum but still I highly recommended too to use other emails for your other transactions it's not because you don't want to know or become anonymous it's just because of safety.
<...>
<...>My simple advice for you guys is to never use the emails you already used in signing up to this forum, wallets or others with confidetial infos. Because the more you used it, the more prone it become against phishing attacks or other means of hacking. Making email addresses is now as easy as 1 2 3 so don't be hesitate to create a new one for vulnerable places.
Well you don't have to struggle when it comes to store your email I believe your smartphone can accumulate more than 1 to 2 emails and probably most of the login on the browser are saved and even with that the advice to make use of 2af is most recommended.
<...>
<...>My simple advice for you guys is to never use the emails you already used in signing up to this forum, wallets or others with confidetial infos. Because the more you used it, the more prone it become against phishing attacks or other means of hacking. Making email addresses is now as easy as 1 2 3 so don't be hesitate to create a new one for vulnerable places.
I was going to ask on why enabling secret question wasn't a good idea 'cause it confused me (when it was designed to help you for retrieving your account password), and then I see this. Thanks for the input though. I was wondering few days ago if I should make one for myself but I think, I should withdraw from doing it so now :D.
Secret questions can be used if you forget your login password. As mentioned before, this will result in the account being locked, and to recover it, you must be able to prove ownership of the account by showing the PGP key or Bitcoin address associated with the account and signing it.https://bitcointalksearch.org/topic/m.48896084
And if you are already using a secret question, then want to disable/reset it, leave it blank. Make sure everything is empty; no whitespace or invisible characters.
Yes, just keep it blank. Make sure that the secret question area isn't full of whitespace characters. (Spaces don't count, but some other whitespace/invisible characters do.)
This is a great way for preventing scammers.But what about the bounty hunters?
They are very unconscious about their personal information and scammers can easily reach their sensitive information like email and social accounts.
So my advice is to be experienced and to be learnt about scammers and always use best protection.
They are very unconscious about their personal information and scammers can easily reach their sensitive information like email and social accounts.
So my advice is to be experienced and to be learnt about scammers and always use best protection.
I’d like to presume that people that engage in airdrops and bounties, some of which require an email, are not providing their forum’s registry email (and preferably, they’d be using an email solely for these purposes, with no ties to anything else). Bounties and airdrops subscriptions end-up either being publicly visible in posts and lists, or used for any sort of purpose once obtained. That is a complementary, and probably more frequent malpractice, to displaying the email on the user’s profile.
Yes exactly, those set are have many accounts registered here but no mind of email protection from public because of the purpose of the accounts. I have never thought hackers steals via email in as much as there's is no availability of password to email with them or something.
It's scary to think that you can get malware or get your account hacked just by clicking on a link. Browsers are supposed to be a safe environment that can's just so easily be used as a vector for getting hacked by simply visiting a site. Perhaps there's an XSS or XSRF vulnerability on the website of OP's email provider - that could be an easy explanation for what happened. In that case an addon like NoScript can help reduce the risk, as long as you don't manually allow scripts on the malicious site.
You are better off avoiding activating Secret Questions and using other security.
This is true, I have experience to use this feature in the past. I can take over user account just because they are put a real jobs in his life. Of course what i do just for security reason not for hacking. So i told him to deactivate the feature and change it to use SMS verification in case he lost his account. Secret question has limited answer, when we choose the name of family someone can know it, using jobs, someone also can find it. So if we want to safe from hacking. if we put a fake information, we can forget about it. That why i never activate any secret questions again.
I enable the secret question pretty soon (probably during the account creation procedure), and later came to read that resorting to its use would indeed lock your account, being the unlocking procedure not immediate nor trivial. As such, I left the secret Q/A there, on the profiles, but often felt like I really wanted to delete it (having a signed message on the appropriate thread seemed more fitting). It took me ages to delete it, but it’s really rather trivial:
-snip-
Locking the account after doing the forgot password method with a Secret Question is intended so that the person doesn't easily open the account. -snip-
Just imagine if a scammer who knows about the secret quest that we have previously set up, locks the account to further secure the account itself.
The impact of being locked into an account will be uncomfortable when the user does it himself. To try to open a locked account I created another account and contacted the moderator via PM Bitcointalk and also contacted the bitcointalk recovery team via email. I can open my account in just a few hours.
ACCOUNT LOCKED FIX PROBLEM
I sent a message to the email that was printed when the account was locked and the bitcointalk recovery team responded well.
I was going to ask on why enabling secret question wasn't a good idea 'cause it confused me (when it was designed to help you for retrieving your account password), and then I see this. Thanks for the input though. I was wondering few days ago if I should make one for myself but I think, I should withdraw from doing it so now 
.
You are better off avoiding activating Secret Questions and using other security..In order for you to prove that the account is your account, you need to do SIGNED MESSAGE BITCOIN ADDRESS, as DdmrDdmr
-snip-(having a signed message on the appropriate thread seemed more fitting).
You can do it here.
Stake your Bitcoin address here
https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318
Also, enable additional security such as 2fa in the email used in this forum. And use different email and passwords with accounts on forums or other social media.
And then I suggest not to use the Secret Question in Account Related Settings.
-
The reason for not suggesting the use of secret questions may be because, this feature will automatically lock the account when trying to recover passwords using the Secret Question Method. Because I have experienced this, when I forget my password and want to change it, then I use a secret question that I have previously set, the result is my account is locked.And then I suggest not to use the Secret Question in Account Related Settings.
-
2FA email might be very helpful for securing email, I have also implemented it.
I was going to ask on why enabling secret question wasn't a good idea 'cause it confused me (when it was designed to help you for retrieving your account password), and then I see this. Thanks for the input though. I was wondering few days ago if I should make one for myself but I think, I should withdraw from doing it so now
. <...>
I enable the secret question pretty soon (probably during the account creation procedure), and later came to read that resorting to its use would indeed lock your account, being the unlocking procedure not immediate nor trivial. As such, I left the secret Q/A there, on the profiles, but often felt like I really wanted to delete it (having a signed message on the appropriate thread seemed more fitting). It took me ages to delete it, but it’s really rather trivial:<...> I had this step (deleting my secret question) pending for ages, and it has not been until now that I’ve gone ahead with it. Just a minor observation: Since the Answer is displayed as blank, you can’t really delete the content of the field. I therefore deleted the question, assumed that the answer deletion would be deleted, and hoped for the best. Logging out and back in again works fine, so I figure that was all that was required (+ > Enter your "Current Password" > Click "Change profile" button <…> as you stated).
Also, enable additional security such as 2fa in the email used in this forum. And use different email and passwords with accounts on forums or other social media.
And then I suggest not to use the Secret Question in Account Related Settings.
The reason for not suggesting the use of secret questions may be because, this feature will automatically lock the account when trying to recover passwords using the Secret Question Method. Because I have experienced this, when I forget my password and want to change it, then I use a secret question that I have previously set, the result is my account is locked.And then I suggest not to use the Secret Question in Account Related Settings.
2FA email might be very helpful for securing email, I have also implemented it.
**Also posted in Meta but sharing here too. Even if it helps one person it’s worth it**
If you haven’t already then follow these steps to make your email address hidden -
- Click Profile at the top of your browser
- Under Modify Profile on the left click Account Related Settings
- Make sure the circled box is ticked (example email address is not mine)
Safe surfing & fuck hackers!
If you haven’t already then follow these steps to make your email address hidden -
- Click Profile at the top of your browser
- Under Modify Profile on the left click Account Related Settings
- Make sure the circled box is ticked (example email address is not mine)
Safe surfing & fuck hackers!
Also make sure you are on a secure network wherever it is. In some cases, hackers hack networks to get usernames and passwords from our accounts. this often happens in public places.
Yes, the "hide email address from public" flag is on by default (meaning hidden), but I guess people are used to being rather social, and switch it of in many cases (some are business relate, and therefore deliberately conscious). Going through a profile DB I have with 2.481.270 profiles, almost 56k accounts had an associates visible email.
I figure though that BitcoinGirl.Club’s case is not down to the email being visible on the profile (I don’t think it was, and Archieve sites seem to show it as hidden historically, right up to a snapshot from a couple of days ago). It looks more like some malware got installed after following a link.
I figure though that BitcoinGirl.Club’s case is not down to the email being visible on the profile (I don’t think it was, and Archieve sites seem to show it as hidden historically, right up to a snapshot from a couple of days ago). It looks more like some malware got installed after following a link.
So this answers my question in his post in the meta section. I don't think most of them unhiding their email is a social move but more of a business move to me, the mistake members do by showing their email is of course their email that they are showing is also their email to their account in BCT which is the wrong move. Showing your BCT account email will only put targets at your back and you will be vulnerable to numerous phishing attempts by doing so. If you have a separate email for business transactions then it would be easier for you to filter out the fraud emails you are receiving.
Oh, that man really messed it up in just one night. I think the hacker got it all cleared after the owner of the account has fallen to sleep. This something I knew before when I was a newbie in the industry. Once they know the email address you are using, You just give them a 50% chance to steal your account. The good thing is, most of the users are already hide their email add in their profile. He can regain back his account since he maybe has the necessary information to give the Cryptios.
Find more information here to know about the Cryptios: https://bitcointalksearch.org/topic/division-of-powers-5143439
Find more information here to know about the Cryptios: https://bitcointalksearch.org/topic/division-of-powers-5143439
Jump to: