Topic: Protecting Your Account (Read 460 times)
thanks for sharing this, i have checked in my profile, and it was already checked, probably that is a default setting, nevertheless one should check because it is rather important to stay safe online
After reading the op, I immediately checked whether my email address here is hidden as stated. Good thing it is 'cause it's been a long time since I checked if my email is seen in public or not. It's not the email I use for important things, though, but I prefer for it to stay hidden just to be sure. I have multiple email accounts; one email for work; another for things involving money; and another for other purposes.
Gosh. Hackers are really everywhere. Let's always stay safe, everyone.
Gosh. Hackers are really everywhere. Let's always stay safe, everyone.
Hackers are always there to exploit any loop holes or any negligence from us. Hiding the email will certainly prevent the hackers from accessing the account in one way. Also it has been emphasized many time to use 2fa in email and do not disclose your email address on which you have important banking or exchanges account.
I had not been protecting my account ever since and they can hack this account anytime. I have no worries about it for I can still make a new one here. Anyway, I can get merit if I wanted to even just for member in rank. e for letting the project pays you.
The OP is not concern only on the account here in forum but also the security of every users by not showing off important details on the profile section that comprises of personal email, birthdate, social account displayed in the profile section. Like there is a guy who posted last few weeks almost all his personal identity so everyone warned him about his data.If you dont care about your account then thats not a good atittude. Since you made an account here, you must have a sense of responsibility to protect it even you dont like.
I had not been protecting my account ever since and they can hack this account anytime. I have no worries about it for I can still make a new one here. Anyway, I can get merit if I wanted to even just for member in rank. But, I am not that confident though to reach that rank but still it could be attainable. But I am not after for the rank, the best thing to be here in the forum is to learn from others and reading news about bitcoin. There are other users posting on successful story about bitcoin and there so much we can learn about them. Promoting projects is not really a priority but it can be like an incentives of course for letting the project pays you.
You are brave enough, and yes, your email is visible to all users. It is possible that you can easily create a second and third account, earn merit. But you do not take into account a certain point.
Each of us here on the forum values our reputation. If your account is hacked, then many fraudulent activities can occur on your behalf (for example, a recent story with Twitter)
Agree, it's easier to tick a box and hide your email than to regret and prove something afterward.
After reading the op, I immediately checked whether my email address here is hidden as stated. Good thing it is 'cause it's been a long time since I checked if my email is seen in public or not. It's not the email I use for important things, though, but I prefer for it to stay hidden just to be sure. I have multiple email accounts; one email for work; another for things involving money; and another for other purposes.
Gosh. Hackers are really everywhere. Let's always stay safe, everyone.
Gosh. Hackers are really everywhere. Let's always stay safe, everyone.
I had not been protecting my account ever since and they can hack this account anytime. I have no worries about it for I can still make a new one here. Anyway, I can get merit if I wanted to even just for member in rank. But, I am not that confident though to reach that rank but still it could be attainable. But I am not after for the rank, the best thing to be here in the forum is to learn from others and reading news about bitcoin. There are other users posting on successful story about bitcoin and there so much we can learn about them. Promoting projects is not really a priority but it can be like an incentives of course for letting the project pays you.
I've personally set a fake email for my account, that way even if they do discover it, it can't be used to reset my password.
If you use this method, just make sure the domain can't be bought, since that way they could just create the email and reset it that way.
If you use this method, just make sure the domain can't be bought, since that way they could just create the email and reset it that way.
This is the thing that I'm talking about, using fake email address so whenever the hackers tried to steal my email, they will become fooled by this.
We all know that privacy and security is the number one thing to protect and strengthen when we use a platform such as like this forum.
You are responsible with your own account so it depends on you on how will you make your security strong enough to defend yourself from those hacks and scams that may attack you out of nowhere. Just work on how you will safely access the forum without fear of losing your account, be confident and protect your account at all times.
Thanks for the security reminder! (Just an FYI to everyone who may not be aware, also take away any cell phone numbers you may have listed on your email accounts. This is what gives hackers the ability to sim-swap).
Now the question. If I have a very good password in my mail that is difficult to crack, and I have 2FA, if I log in from another IP, I receive SMS notifications, isn't that enough? And also the mail that is tied to the forum is not used anywhere else.
Yeah I guess having 2FA is enough for more of a security to your email, even me I use this, it sends me a notification every time I'm logging in, trying to change my password, detect unknown devices and has my 8 number code offline security. I guess this is enough for protecting your email. The email I used to this forum is protected also, it has a different sim card in my drawer for 2FA 
It is always very difficult to admit that you could have avoided theft if you had been vigilant in advance. But it happens, you only have to learn from your mistakes.
I don’t want to be boring saying it that it could be done this way, or so. But in this case, it is really a mistake to have mail that does multiple tasks. That is, it has to do with finance and the forum.
Now the question. If I have a very good password in my mail that is difficult to crack, and I have 2FA, if I log in from another IP, I receive SMS notifications, isn't that enough? And also the mail that is tied to the forum is not used anywhere else.
I don’t want to be boring saying it that it could be done this way, or so. But in this case, it is really a mistake to have mail that does multiple tasks. That is, it has to do with finance and the forum.
Regarding 2FA it's always a two edged sword giving a false sense of security: there is no security advantage setting up a 2FA on your mobile while you access your website with the very same mobile. 2FA should be enabled, for critical services, on a different mobile or computer the one you are using to access such service.
Now the question. If I have a very good password in my mail that is difficult to crack, and I have 2FA, if I log in from another IP, I receive SMS notifications, isn't that enough? And also the mail that is tied to the forum is not used anywhere else.
Happy to see you learned from your mistake. Did you suffer from it financially, did they get any money off you? I’ve never been hacked but I’ve been the victim of credit card fraud 3 times now. Luckily my banks fraud department stopped 2 of them but had to wait a while to be reimbursed on one of them.
Fortunately, hacker wasn't able to take my money. He managed to login to one of my exchange account and tried to withdraw money. But there was SMS verification for withdrawals enabled, so it protected me from bigger problems. I still don't know how exactly he managed to hack me, where was my main mistake. But I really learned from it. Now I use strong and different passwords everywhere, have 2FA enabled and taking other precautions.Yeah, I use nonsense passwords, I figure it’d be pretty fucking tough to get me. I use an email used for nothing else too.
Happy to see you learned from your mistake. Did you suffer from it financially, did they get any money off you? I’ve never been hacked but I’ve been the victim of credit card fraud 3 times now. Luckily my banks fraud department stopped 2 of them but had to wait a while to be reimbursed on one of them.
Fortunately, hacker wasn't able to take my money. He managed to login to one of my exchange account and tried to withdraw money. But there was SMS verification for withdrawals enabled, so it protected me from bigger problems. I still don't know how exactly he managed to hack me, where was my main mistake. But I really learned from it. Now I use strong and different passwords everywhere, have 2FA enabled and taking other precautions. I just want to add my 2 cents Satoshi to this story. My account was also hacked few years, fortunately I was able recover it soon without any damage done, thanks to @Cyrus.
Hacker was able to reach not only Bitcointalk account, but also my email too. Back then I didn't care about security much. I used average short passwords just because it's more convenient. 2FA? Why, who needs it. I just was sure that it won't happen too me because I'm not dumb and I don't visit phishing websites or click unknown links in email. But then I learned from my mistake. So, better safe than sorry.
Though, even with all precautions, there is no guarantee that someone will not hack you, what story with Twitter shows.
Hacker was able to reach not only Bitcointalk account, but also my email too. Back then I didn't care about security much. I used average short passwords just because it's more convenient. 2FA? Why, who needs it. I just was sure that it won't happen too me because I'm not dumb and I don't visit phishing websites or click unknown links in email. But then I learned from my mistake. So, better safe than sorry.
Though, even with all precautions, there is no guarantee that someone will not hack you, what story with Twitter shows.
Happy to see you learned from your mistake. Did you suffer from it financially, did they get any money off you? I’ve never been hacked but I’ve been the victim of credit card fraud 3 times now. Luckily my banks fraud department stopped 2 of them but had to wait a while to be reimbursed on one of them.
I just want to add my 2 cents Satoshi to this story. My account was also hacked few years, fortunately I was able recover it soon without any damage done, thanks to @Cyrus.
Hacker was able to reach not only Bitcointalk account, but also my email too. Back then I didn't care about security much. I used average short passwords just because it's more convenient. 2FA? Why, who needs it. I just was sure that it won't happen too me because I'm not dumb and I don't visit phishing websites or click unknown links in email. But then I learned from my mistake. So, better safe than sorry.
Though, even with all precautions, there is no guarantee that someone will not hack you, what story with Twitter shows.
Hacker was able to reach not only Bitcointalk account, but also my email too. Back then I didn't care about security much. I used average short passwords just because it's more convenient. 2FA? Why, who needs it. I just was sure that it won't happen too me because I'm not dumb and I don't visit phishing websites or click unknown links in email. But then I learned from my mistake. So, better safe than sorry.
Though, even with all precautions, there is no guarantee that someone will not hack you, what story with Twitter shows.
Very nice reminder.
Security practices are always welcome, even if they look basic like this one, they might be useful for someone else: staying safe is difficult, but mainly it's a matter only to marginally increment your level of security, so that a sloppy attacker gets blocked before passing to his next customer.
Regarding 2FA it's always a two edged sword giving a false sense of security: there is no security advantage setting up a 2FA on your mobile while you access your website with the very same mobile. 2FA should be enabled, for critical services, on a different mobile or computer the one you are using to access such service.
Regarding a true horror story:
Privacy at risk using mobile phones. Not only Bitcoin-related.
Security practices are always welcome, even if they look basic like this one, they might be useful for someone else: staying safe is difficult, but mainly it's a matter only to marginally increment your level of security, so that a sloppy attacker gets blocked before passing to his next customer.
<...>
2- Multi-factor authentication
2- Multi-factor authentication
Regarding 2FA it's always a two edged sword giving a false sense of security: there is no security advantage setting up a 2FA on your mobile while you access your website with the very same mobile. 2FA should be enabled, for critical services, on a different mobile or computer the one you are using to access such service.
Regarding a true horror story:
Privacy at risk using mobile phones. Not only Bitcoin-related.
People usually do not pay attention on security and privacy before their account is hacked or lost. Forum account: security, privacy, and recovery. This hack is a good lesson to attract more members to read my thread.
As far as I know, default after account creation, email is hidden. It is only be activated to show if member decide to show it. Anyhow, if people did it in the past, now they can check and hide it again. It is never too late to do so. Also, can check [Guide] How to know if your email address was part of any data breach.
I see some people who are company owner or community manager publicly shows email address. They likely beware of risks and having a strong password is one of good thing. If not, check that thread [GUIDE] How to Create a Strong/Secure Password
As far as I know, default after account creation, email is hidden. It is only be activated to show if member decide to show it. Anyhow, if people did it in the past, now they can check and hide it again. It is never too late to do so. Also, can check [Guide] How to know if your email address was part of any data breach.
I see some people who are company owner or community manager publicly shows email address. They likely beware of risks and having a strong password is one of good thing. If not, check that thread [GUIDE] How to Create a Strong/Secure Password
Although, hidden email address helps to certain extent. The security to your email itself matters more. 2fa, strong password and try not to link mobile number to it. Sim jacking is very real.
You have posted a nice suggestion for members. Those who have not done this till now should use this option but there can be workarounds to find the email even if someone hides it now.
One case I can think of is that someone is interested in hacking the profile of a particular username, he will look for all details using archive.org. Even him someone hides his details now, if he used to show email earlier, it might be revealed using that tool. There are other ways to know the email as well. One of the ways, I think I even reported to theymos few months back.
One case I can think of is that someone is interested in hacking the profile of a particular username, he will look for all details using archive.org. Even him someone hides his details now, if he used to show email earlier, it might be revealed using that tool. There are other ways to know the email as well. One of the ways, I think I even reported to theymos few months back.
Quote
I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history.
But what does this have to do with their email getting hacked?
While it's wise not to reveal your email when not needed - revealing your Email address isn't a direct threat to its security.
Email addresses should be hidden for privacy rather than security, Email addresses are not meant to stay private or secretly buried in your back yard, they are a just like your public key in bitcoin, your duty is PROTECT the private key/ password.
Every day a few websites get hacked and hackers obtain all sort of email addresses from their databases, the chances that at least 1 hacker knows your Email address are pretty HIGH, so hiding them doesn't do much if they are not secured enough, honestly, with today's security's feature it's freaking hard to gain access to an Email address which is "mildly" secured if you use
1- A strong password
2- Multi-factor authentication
3- Different emails for different purposes
Also DO NOT
1- Use a similar email password to sing-up to any forum/website.
2- Don't use unkown email provider.
I think it is a direct thread in that it enables spear phishing.
People can read your posts and use that information to tailor an e-mail to you personally. If it looks familiar enough and your guard is down, you'll end up being pwned.
People can use PMs to contact you here and if you really want to, you can give individuals your e-mail address as required.
Quote
I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history.
But what does this have to do with their email getting hacked?
While it's wise not to reveal your email when not needed - revealing your Email address isn't a direct threat to its security.
Email addresses should be hidden for privacy rather than security, Email addresses are not meant to stay private or secretly buried in your back yard, they are a just like your public key in bitcoin, your duty is PROTECT the private key/ password.
Every day a few websites get hacked and hackers obtain all sort of email addresses from their databases, the chances that at least 1 hacker knows your Email address are pretty HIGH, so hiding them doesn't do much if they are not secured enough, honestly, with today's security's feature it's freaking hard to gain access to an Email address which is "mildly" secured if you use
1- A strong password
2- Multi-factor authentication
3- Different emails for different purposes
Also DO NOT
1- Use a similar email password to sing-up to any forum/website.
2- Don't use unkown email provider.
Jump to: