Pages:
Author

Topic: PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT - page 2. (Read 4556 times)

hero member
Activity: 924
Merit: 526
GIF by SOCIFI
Shit.....just got locked out of my account by answering the secret question. I can't believe they haven't taken this out or disabled it yet. I'm afraid I won't get control back of my "main" account for a long time....
hero member
Activity: 518
Merit: 500
I could be incorrect, but that might just be a glitch.
legendary
Activity: 1246
Merit: 1024
Thank you to the OP of this post. Using the instructions in the top post I finally got my Sr. Member account back after a month of sending signed messages every week as directed. Nice to get my account back.  Smiley  Cheesy  Grin
newbie
Activity: 6
Merit: 0
Got home and sent PMs a couple of days ago. I hope I can get my Sr. Member account unlocked. Would suck having to start all over building a rep here.
newbie
Activity: 6
Merit: 0
My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900.

No, an activity over 900 would make you at least Hero if not legendary. You are refering to the number of posts I guess.

Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response.

Yes.

I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.

It was meant to be hidden as long as possible, thus there is no warning. Sorry you have to go through this now.

Yes, I meant posts, sorry. Posts over 1040 and Activity over 330. My locked account is a "Sr. Member." Thanks for pointing out my brain fart. Also a BTC address has been in my sig for about eight months or longer and it is from my Trezor. So when I get home from vacation I can definitely send signed messages with that BTC addresses' private key.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900.

No, an activity over 900 would make you at least Hero if not legendary. You are refering to the number of posts I guess.

Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response.

Yes.

I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.

It was meant to be hidden as long as possible, thus there is no warning. Sorry you have to go through this now.
newbie
Activity: 6
Merit: 0
My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900. Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response. I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.
legendary
Activity: 1302
Merit: 1025
Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.

One day there will be a "new forum" not sure on timeline of when we see updated forum.  I suspect then it they might possibly address it or remove it.

I think that chances of spending time programming on this forum to do it is slim.  Just have it in meta and people will know not to use it.

Why not try to address this matter on the new forum software? I think it will gain much attention there seeing that it is the place where discussions for what the new software could come up with, and afaik we can kind of request some features we like to see in the new forum.

I don't think the secret question should be implemented on the new forum. I mean if it's been exposed to the hackers before then that might happen again. Well not with a much secure forum but then, anyway I just want the secret word reset to be fix because I sometimes find it handy specially in my case where I am very precautious in online security.
legendary
Activity: 3542
Merit: 1352
Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.

One day there will be a "new forum" not sure on timeline of when we see updated forum.  I suspect then it they might possibly address it or remove it.

I think that chances of spending time programming on this forum to do it is slim.  Just have it in meta and people will know not to use it.

Why not try to address this matter on the new forum software? I think it will gain much attention there seeing that it is the place where discussions for what the new software could come up with, and afaik we can kind of request some features we like to see in the new forum.
legendary
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
I would say it is better to change OP to discuss "Do not have a secret question for your account. Why, and how to do it."

As QS said, I guess it is better to keep it a bit secret. Changing the title would help. Having a secret question for an account is not very useful.
legendary
Activity: 1456
Merit: 1000
Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.

One day there will be a "new forum" not sure on timeline of when we see updated forum.  I suspect then it they might possibly address it or remove it.

I think that chances of spending time programming on this forum to do it is slim.  Just have it in meta and people will know not to use it.
legendary
Activity: 3542
Merit: 1352
Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
I would guess it's that the forum really does not check email when you sign up.  Some assumed  secret message was enough.   But after a while that big hack the secret messages were compromised. 

So now you really need to sign with a address used or something else to prove ownership.   Honestly everyone should stake a address
It does, you can't leave the email box empty. I also agree with the removal of secret question, why put something like that if it can lock your account, at least a warning like this should be available on the secret question page or new members may get themselves locked out while using this.
legendary
Activity: 1456
Merit: 1000
Why not just remove the secret question?
When the account is locked for security reasons you will have to sign a message from an unused address anyway

I would guess it's that the forum really does not check email when you sign up.  Some assumed  secret message was enough.   But after a while that big hack the secret messages were compromised. 

So now you really need to sign with a address used or something else to prove ownership.   Honestly everyone should stake a address
legendary
Activity: 2772
Merit: 1127
Why not just remove the secret question?
When the account is locked for security reasons you will have to sign a message from an unused address anyway
staff
Activity: 3458
Merit: 6793
Just writing some code
legendary
Activity: 1302
Merit: 1025
Thank you for letting me know this, ill remove my SQ now

I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
AFAIK you just make sure that both text boxes for the secret question are empty. IIRC the answer box will have a red warning next to it when you have one set, when it isn't set, that warning should disappear.

Ok thanks. Got it removed.
staff
Activity: 3458
Merit: 6793
Just writing some code
Thank you for letting me know this, ill remove my SQ now

I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
AFAIK you just make sure that both text boxes for the secret question are empty. IIRC the answer box will have a red warning next to it when you have one set, when it isn't set, that warning should disappear.
legendary
Activity: 1302
Merit: 1025
Thank you for letting me know this, ill remove my SQ now

I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
copper member
Activity: 2996
Merit: 2374
Huh. I could've sworn I saw a post by theymos himself saying that accounts were being locked if the security question was being used to unlock them. But now I can't find any such post.

I suppose I will leave this up since it may help people who lock themselves out. If it's a problem and theymos doesn't want it up, he can let me know, or just remove it himself.
A staff member previously posted something similar to this, I spoke to them about it privately and they removed it.

This is not exactly the private keys to the forum's bitcoin, however it is a security issue. IMO there is really no reason to remove the thread now since this has been posted for long enough.
Pages:
Jump to: