Topic: PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT - page 2. (Read 4531 times)
June 17, 2016, 07:44:16 AM
Shit.....just got locked out of my account by answering the secret question. I can't believe they haven't taken this out or disabled it yet. I'm afraid I won't get control back of my "main" account for a long time....
December 02, 2015, 06:50:08 PM
I could be incorrect, but that might just be a glitch.
December 01, 2015, 07:44:32 AM
Thank you to the OP of this post. Using the instructions in the top post I finally got my Sr. Member account back after a month of sending signed messages every week as directed. Nice to get my account back. 
November 07, 2015, 03:57:00 AM
Got home and sent PMs a couple of days ago. I hope I can get my Sr. Member account unlocked. Would suck having to start all over building a rep here.
October 26, 2015, 02:18:08 AM
My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900.
No, an activity over 900 would make you at least Hero if not legendary. You are refering to the number of posts I guess.
Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response.
Yes.
I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.
It was meant to be hidden as long as possible, thus there is no warning. Sorry you have to go through this now.
Yes, I meant posts, sorry. Posts over 1040 and Activity over 330. My locked account is a "Sr. Member." Thanks for pointing out my brain fart. Also a BTC address has been in my sig for about eight months or longer and it is from my Trezor. So when I get home from vacation I can definitely send signed messages with that BTC addresses' private key.
October 26, 2015, 02:03:19 AM
My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900.
No, an activity over 900 would make you at least Hero if not legendary. You are refering to the number of posts I guess.
Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response.
Yes.
I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.
It was meant to be hidden as long as possible, thus there is no warning. Sorry you have to go through this now.
October 25, 2015, 11:50:14 PM
My account just got locked today due to this stupid implantation of password reset by secret question. Had I know about this I would have just done reset by email. It is really annoying because it is a FULL MEMBER account with activity over 900. Today I had to make this new account so I could post. I sent an email to Theymos to the email address given when I was told my account was locked after trying to sign in after the successful password reset by secret question. I am on vacation so when I get home I can figure out which BTC address I have in the sig of my old account and sign a message with it. If they do not answer the email I guess I will use this account to send a PM with a signed message every week as the OP suggested until I finally get a favorable response. I wish I had known about this before resetting the password. Using the secret question seemed faster than doing an email reset. A warning on the reset page that my account was going to be locked would have been nice and I would have done an email reset to avoid having my account locked. Very annoying.
October 19, 2015, 07:44:45 AM
Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.
One day there will be a "new forum" not sure on timeline of when we see updated forum. I suspect then it they might possibly address it or remove it.
I think that chances of spending time programming on this forum to do it is slim. Just have it in meta and people will know not to use it.
Why not try to address this matter on the new forum software? I think it will gain much attention there seeing that it is the place where discussions for what the new software could come up with, and afaik we can kind of request some features we like to see in the new forum.
I don't think the secret question should be implemented on the new forum. I mean if it's been exposed to the hackers before then that might happen again. Well not with a much secure forum but then, anyway I just want the secret word reset to be fix because I sometimes find it handy specially in my case where I am very precautious in online security.
October 19, 2015, 04:13:47 AM
Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.
One day there will be a "new forum" not sure on timeline of when we see updated forum. I suspect then it they might possibly address it or remove it.
I think that chances of spending time programming on this forum to do it is slim. Just have it in meta and people will know not to use it.
Why not try to address this matter on the new forum software? I think it will gain much attention there seeing that it is the place where discussions for what the new software could come up with, and afaik we can kind of request some features we like to see in the new forum.
October 18, 2015, 10:14:01 PM
I would say it is better to change OP to discuss "Do not have a secret question for your account. Why, and how to do it."
As QS said, I guess it is better to keep it a bit secret. Changing the title would help. Having a secret question for an account is not very useful.
As QS said, I guess it is better to keep it a bit secret. Changing the title would help. Having a secret question for an account is not very useful.
October 18, 2015, 04:48:43 PM
Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.
One day there will be a "new forum" not sure on timeline of when we see updated forum. I suspect then it they might possibly address it or remove it.
I think that chances of spending time programming on this forum to do it is slim. Just have it in meta and people will know not to use it.
October 18, 2015, 12:05:20 PM
Well I think that is also for security purposes. If one gained access to your secret answer, then you know the rest: they can get access to your account. This feature should be removed imo so that things like hacking wouldn't be a that much of a problem when it comes to secret answers.
October 18, 2015, 11:59:33 AM
I would guess it's that the forum really does not check email when you sign up. Some assumed secret message was enough. But after a while that big hack the secret messages were compromised.
So now you really need to sign with a address used or something else to prove ownership. Honestly everyone should stake a address
It does, you can't leave the email box empty. I also agree with the removal of secret question, why put something like that if it can lock your account, at least a warning like this should be available on the secret question page or new members may get themselves locked out while using this. So now you really need to sign with a address used or something else to prove ownership. Honestly everyone should stake a address
October 18, 2015, 11:55:33 AM
Why not just remove the secret question?
When the account is locked for security reasons you will have to sign a message from an unused address anyway
When the account is locked for security reasons you will have to sign a message from an unused address anyway
I would guess it's that the forum really does not check email when you sign up. Some assumed secret message was enough. But after a while that big hack the secret messages were compromised.
So now you really need to sign with a address used or something else to prove ownership. Honestly everyone should stake a address
October 18, 2015, 10:51:23 AM
Why not just remove the secret question?
When the account is locked for security reasons you will have to sign a message from an unused address anyway
When the account is locked for security reasons you will have to sign a message from an unused address anyway
October 18, 2015, 09:22:23 AM
bump
October 12, 2015, 10:22:04 PM
Thank you for letting me know this, ill remove my SQ now
I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
Ok thanks. Got it removed.
October 12, 2015, 08:13:16 PM
Thank you for letting me know this, ill remove my SQ now
I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
October 12, 2015, 07:43:56 PM
Thank you for letting me know this, ill remove my SQ now
I have a question, How can I remove the secirity question in my account? I already set another security question when I got back my account from previous lock. Thanks!
October 12, 2015, 06:28:02 PM
Huh. I could've sworn I saw a post by theymos himself saying that accounts were being locked if the security question was being used to unlock them. But now I can't find any such post.
I suppose I will leave this up since it may help people who lock themselves out. If it's a problem and theymos doesn't want it up, he can let me know, or just remove it himself.
A staff member previously posted something similar to this, I spoke to them about it privately and they removed it. I suppose I will leave this up since it may help people who lock themselves out. If it's a problem and theymos doesn't want it up, he can let me know, or just remove it himself.
This is not exactly the private keys to the forum's bitcoin, however it is a security issue. IMO there is really no reason to remove the thread now since this has been posted for long enough.
Jump to: