Secure your account - page 2. | Bitcointalksearch.org

BigMac

legendary

Activity: 896

Merit: 1000

Quote from: ndnh on April 01, 2014, 09:41:23 AM

I survived inputs.io hack, mtgox and now coinbase. (my loss less than 10% of my holdings) Here is what i do to secure an account:

I use just a complex password. no app, no 2FA, no nothing
My email address cannot be hacked using forgot my password. (even i don't remember that)
make sure u get into the real site
don't use same username or password for a trusted site and an untrusted site
use different complex password for email and other important accounts
passwords may be similar to you but inguessable for a hacker

Split your btc among different services.

These are some good suggestions that everyone should take a read.

ndnh

legendary

Activity: 1302

Merit: 1005

New Decentralized Nuclear Hobbit

Quote from: Denni on April 01, 2014, 09:54:28 AM

I wonder how gox hack is correlated to the password security. Huh

It isn't. I didn't trust it from the beginning.

Quote from: Shima on April 01, 2014, 12:11:03 PM

coinbase.com? the site is live and working fine! What had happened?

Some coinbase accounts were hacked.
But most thought their account was hacked or something after they received a request (see http://www.reddit.com/r/Bitcoin/comments/21wyl3/coinbase_has_not_been_hacked_this_is_a_feature/)
NewLiberty is correct

Quote from: bryant.coleman on April 23, 2014, 09:13:13 PM

Quote from: ndnh on April 01, 2014, 09:41:23 AM

My email address cannot be hacked using forgot my password. (even i don't remember that)

Can you tell me how did you deactivated it? Almost all the email accounts can be hacked using forgot my password, and this route is the most preferred one used by hackers to steal coins from BTC-E and other exchanges.

put in long string of random numbers and alohabets and symbols if there is no option to deactivate it.
Just don't forget the password Wink

bryant.coleman

legendary

Activity: 3766

Merit: 1217

Quote from: ndnh on April 01, 2014, 09:41:23 AM

My email address cannot be hacked using forgot my password. (even i don't remember that)

Can you tell me how did you deactivated it? Almost all the email accounts can be hacked using forgot my password, and this route is the most preferred one used by hackers to steal coins from BTC-E and other exchanges.

pekv2

hero member

Activity: 770

Merit: 502

Stay safe link in my sig.

Bitcoin community does a great job.

counter

hero member

Activity: 798

Merit: 500

Time is on our side, yes it is!

Also I'd like to add that one should make sure the computer they are using to do all of this is not compromised in any way shape or form.

noviapriani

sr. member

Activity: 350

Merit: 250

If you login to your account on the mogstation and find the onetime password page it should be there. I believe the hardware token use the serial on the back as the emergency password instead,,,,

NewLiberty

legendary

Activity: 1204

Merit: 1002

Gresham's Lawyer

Coinbase API allows user enumeration.
So folks can send payment requests to arbitrary users.

Here's an eli5 ish article:
http://www.cryptocoinsnews.com/news/coinbase-bug-allows-mass-phishing-and-leaked-user-information/2014/04/01

MonkeyDOH

full member

Activity: 140

Merit: 100

Very nicely explained ndnhc !
It's important for beginners.

Dark.coder

newbie

Activity: 18

Merit: 0

No matter how secure and strong your password is you account will get hacked if you been a victim of phishing/keylogger/backdoor.
Brute forcing is quite outdated as a matter of fact unless you are using plain text/ default passwords like: Password123, admin, johnlovemarry, shane etc so its better to read and keep yourself updated regarding the new techniques and methods and prior to that using an anti virus is must. Being a security expert i strongly recommend bitdefender and malwarebytes pro.
Tip : use virustotal.com as your weapon always

xypos

sr. member

Activity: 532

Merit: 250

You can have the best password and security ever, you can't do anything if the website closed (like mtgox, inputs.io, ...).
Roll Eyes

Shima

newbie

Activity: 14

Merit: 0

coinbase.com? the site is live and working fine! What had happened?

blacksails

sr. member

Activity: 294

Merit: 250

My suggestion: Don't store your bitcoins online. Put them in an offline wallet where you are the only one that controls the private keys. That way you're (almost) safe from hacking (remember what Kevin Mitnick said, "No computer is ever safe.").

leex1528

hero member

Activity: 784

Merit: 1000

Quote from: marcotheminer on April 01, 2014, 11:41:20 AM

What the hell happened to coin base???

Yes, did something happen I am missing? Huh

?

marcotheminer

legendary

Activity: 2072

Merit: 1049

┴puoʎǝq ʞool┴

What the hell happened to coin base???

lynn_402

sr. member

Activity: 462

Merit: 253

Quote from: ndnh on April 01, 2014, 09:41:23 AM

I survived inputs.io hack, mtgox and now coinbase. (my loss less than 10% of my holdings) Here is what i do to secure an account:

I use just a complex password. no app, no 2FA, no nothing
My email address cannot be hacked using forgot my password. (even i don't remember that)
make sure u get into the real site
don't use same username or password for a trusted site and an untrusted site
use different complex password for email and other important accounts
passwords may be similar to you but inguessable for a hacker

Split your btc among different services.

2fa is important too. With your method, you're at the mercy of keyloggers.

Denni

full member

Activity: 125

Merit: 100

I wonder how gox hack is correlated to the password security. Huh

vnvizow

sr. member

Activity: 364

Merit: 250

Well said, captain obvious. Well, this is the Beginners & Help section......

ndnh

legendary

Activity: 1302

Merit: 1005

New Decentralized Nuclear Hobbit

I survived inputs.io hack, mtgox and now coinbase. (my loss less than 10% of my holdings) Here is what i do to secure an account:

I use just a complex password. no app, no 2FA, no nothing
My email address cannot be hacked using forgot my password. (even i don't remember that)
make sure u get into the real site
don't use same username or password for a trusted site and an untrusted site
use different complex password for email and other important accounts
passwords may be similar to you but inguessable for a hacker

Split your btc among different services.

Topic: Secure your account - page 2. (Read 1628 times)