
Topic: Tips on how to keep your Bitcointalk forum account safe. (Read 602 times)

full member
Activity: 102
Merit: 21
Security of forum accounts is something we must take very seriously.
If these tips and guidelines are followed completely, they will at least reduce account hacking, and many senior colleagues have provided additional account safety advice.

I agree with you; not everyone knows the risk involved in exposing their account, and so they don’t take its security very seriously. A lot of people have complained about hacks and account breaches, but they are not aware that they are the cause of it, making silly mistakes that could’ve been avoided if they had followed the tips provided by OP and some other members.

I consider this forum to be my home, and anything that could hinder my account is always opposed; this thread has given me more hints to help me secure my account even more. Despite the fact that I avoid using random devices to access my account and use strong passwords.

I see you are a hero member already and I can tell how painful it will be if you lose control of your account, because you have already become one with the forum, so leaving the forum will be the last thing on your mind. This is a very useful topic and many newbies will ignore this thread and the useful tips it has shared with us. Topics like this are what newbies need, but they will be busy with their aimless activities and their never-ending merit hunt and ignore useful information such as this.
member
Activity: 322
Merit: 70
The tips you listed on how to keep our Bitcointalk forum account safe are valid and correct. Firstly, security should be the first thing to consider with our accounts; the password you choose determines how vulnerable your account is. I came across a thread in my local board that put more emphasis on how to choose a stronger password. There is a lot to do to keep your account safe: avoid clicking links online that are related to crypto, because hackers have been using that format to gain access to the accounts of most users who aren't security conscious. Logging into your account on someone's device isn't safe no matter how much you trust the person; you ought to trust yourself alone and keep your account on a safe part.
legendary
Activity: 2604
Merit: 2353
It's also good practice to use an alias email address, so hackers can't know which is your actual mail account and which email provider you are actually using. It's also important not to allow hackers to bypass 2FA in any way. It means you need to be careful about your email box setup and the recovery option you have activated. If you want 2FA not to be circumventable, access to your email box shouldn't be possible without 2FA, even if you lose your password. Hence, if the hacker has no access to your 2FA device, he will never be able to hack your accounts, whatever information he has on you.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
~~~

Authy had a breach in 2022 as far as I remember, is closed-source and doesn't allow you to easily export your secrets. I'm moving away from Authy...

For Android I recommend FreeOTP, Aegis or 2FAS. I'm no iOS user, but Raivo seems a good choice for this platform (no personal experience, DYOR).

I don't think it's a good idea to make your mobile phone the main root of all your data. It's easy to lose and, for the more valuable devices, likely prone to be stolen. Avoid receiving OTP via SMS or similar.

My internet connection at home isn't related in any way with my cellphone number. Mobile data in cellphone network is related to it, but I don't quite get your point with it.
hero member
Activity: 1470
Merit: 558
dont be greedy
Sorry... this is an old topic, but I found it very useful... and maybe there are still people reading it... so I wanted to add some points to make it safer (in my view).

1. Activate 2FA to log in. @Cricktor has explained it before, but I want to add my version of the best authenticator application, namely Authy. We can use our cellphone number and email to keep the login password to Authy confidential.

2. Create a Bitcoin address to stake here: https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318. We don't know how hackers got our Bitcointalk account, but we can recover via staking a BTC Addy in that thread.

3. The cellphone number is the main root of all your data, so if you feel that you have lost it or been hacked, immediately report it to the relevant cellular company to block the receipt of the OTP code, or perhaps prevent it as soon as possible by other means; the goal is to prevent hackers from hacking every login credential in your account. Your internet connection is related to your cellphone number.
full member
Activity: 448
Merit: 130
Although a very old post, there are times when the posts come up to give yourself a little warning. As we use different websites, different types of messages may come from the website; it is possible that you have opened this forum account that may message you by email, write something that you will believe and you will enter there, which is a strategy of hacker circles. Nowadays the hacker cycle has increased, so accounts need to be protected carefully. To keep your forum account safe you should enable the 2FA security system, and if this process is running then the chances of your account being hacked from the forum will be reduced.
sr. member
Activity: 476
Merit: 299
Learning never stops!

Unless you plan on using a website for a long time, just use a temporary email address, and then this eliminates any issues that could come from that. Ideally, you wouldn't be using the same password anyway, and therefore that wouldn't be compromised. Obviously, data that you give that website could potentially be compromised, and therefore associated with your email address, which an attacker could leverage or potentially gain more information to carry out a more sophisticated attack. So, there's definitely good reason to use different emails if you do use multiple websites.

Personally, I hardly sign up to anything these days. Kind of sick of every website requiring you to give your data over by signing up.
Most websites require authentication to give authorisation to some specific info.
If it is just to get particular info but signing up is required, I think giving a temporary email just to access it at that particular time is a good idea, not bad if the details can be remembered too.
Some sites now have a demo that shows limited information, which could be what someone is actually searching for.
member
Activity: 252
Merit: 37
First and foremost, I want to say a very big thanks to OP for sharing this information. This information is very helpful, I must say, because I have been meaning to ask this exact question on how to keep our Bitcoin forum account safe, because the knowledge of scammers keeps increasing day by day, so we need to secure our accounts to the extent that scammers will find it very difficult to access them. However, I so much appreciate OP for those tips.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
~~~

You necro-bumped this thread from Oct. 2022 to just say "thank you"?!?  Roll Eyes

I disagree with your cited point 3:
if you have a strong and complex enough password (do not re-use passwords for different accounts!), you don't need to change it regularly. I use a password manager anyway and generate complex random passwords that are unique for every login I need. Humans are not good at creating random and complex enough stuff. New complex passwords are a pain to remember and forced frequent changes only lead to weak passwords that are "easy" for humans, or the password change is ridiculous, like bumping up a number, which doesn't really add any security.

An important step is to enable 2FA to further secure your Bitcointalk account login.
full member
Activity: 588
Merit: 119
All through your advice and suggestions on email address usage, avoiding phishing sites, use of strong password and all that. The one I find no one here should joke with is signing a message from a wallet one uses. That has proved to be a sure way of recovering one's account when hacked. However, many users here are still reluctant on signing messages as proof of their ownership. Nonetheless, your suggestion of using a unique username while registering on the forum as a way of preventing account hacks can't be true. Every username is unique to the owner to start with. Besides, most times you don't even get to know anyone else has a similar username until after you're done registering.

All that was written was a perfect guide to prevent one's account from being hacked. Thanks to OP @Issa56 for the job done. But I will need a guide on how to sign a message with one's wallet on the forum.
hero member
Activity: 1022
Merit: 744
Security of forum accounts is something we must take very seriously.
If these tips and guidelines are followed completely, they will at least reduce account hacking, and many senior colleagues have provided additional account safety advice.
I consider this forum to be my home, and anything that could hinder my account is always opposed; this thread has given me more hints to help me secure my account even more. Despite the fact that I avoid using random devices to access my account and use strong passwords.
I need to sign a message with my current wallet address now, as explained, to ensure that my account is returned if it is compromised.
sr. member
Activity: 1610
Merit: 264
~
That's really a comforting statement, Welsh. I was worried about how many people know me already, but have not known them yet. Knowing that I was really just that brain-dead teen back in the day, registering on all of the game sites online. Good thing verification wasn't such a drag for me during those days, like almost many of the sites these days that would require an ID from you to fully "verify" yourself.

Passwords I used back in the day were kind of......okay anyway. It's not those typical "qwerty123" level anyway. Cheesy

I appreciate your input by the way! Smiley
legendary
Activity: 2702
Merit: 4002
One of the ways to lose accounts is to download the Forum application on Google or any random applications where you give your data to a third party.
Also adding a secret question to your account is another reason for losing your data.
The last and most important reason is to use a reusable email or a temporary email that more than one party can access.

More reasons can be added that cannot be counted for this, the question, knowledge and caution are the weapons that will guarantee you victory.
legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
All through your advice and suggestions on email address usage, avoiding phishing sites, use of strong password and all that. The one I find no one here should joke with is signing a message from a wallet one uses. That has proved to be a sure way of recovering one's account when hacked. However, many users here are still reluctant on signing messages as proof of their ownership. Nonetheless, your suggestion of using a unique username while registering on the forum as a way of preventing account hacks can't be true. Every username is unique to the owner to start with. Besides, most times you don't even get to know anyone else has a similar username until after you're done registering.
legendary
Activity: 994
Merit: 1089
Isn't the option to recover your password by answering a secret question disabled on the forum? I'm not sure, but I think I read somewhere that if you try to recover your password that way, your account will be locked and you will have to request a manual review and recovery process. (I can't find any details about it now though.)
It is not disabled, but yes, your account will be locked if you try to recover an account with the secret question feature. I honestly think it should be completely disabled, and members should not be able to set it, because: 1) it is not recommended and a bad idea of a second password, 2) it can be of no help, since even if you forget your password and you want to use it for recovery, the account will be locked, 3) members should stick to recovering their password only with their email address; that way they should remember to use a valid email, and keep it safe. Here are some details about it:
This is a Public Service Announcement:

If you lose your password, DO NOT USE THE SECRET QUESTION TO RECOVER THE ACCOUNT. It will result in your account being locked. Please use the email recovery option to recover the account.
The reason that the accounts are locked is because the May 2015 hack leaked Bitcointalk's database which did not securely secure the Secret Question and Answer. To prevent people from guessing the answers, theymos made it so that accounts that are recovered using the secret question are automatically locked when the option is attempted. This is to prevent hackers who may be able to guess the answers from the leaked database.
hero member
Activity: 1008
Merit: 702
If your email address has been compromised, it will be easy to hack your forum account, because the user can easily input your Bitcointalk username on the forum and click on reset password; a code will be sent to your mail, which the user can easily use to access your forum account.

Hackers can compromise accounts by sending phishing emails, which is one of the lucrative and effective ways for them to lure their victims. They send you links via emails that appear genuine and cannot be distinguished from fraudulent ones, but which actually include harmful software and instruct you to act swiftly in response to the email delivered.

In order for you to have access to your services, they can ask you for any sensitive information regarding your accounts, such as updating your password or updating your account. All of these actions are taken to compile reliable information about your login information. If you see one posing, be on the alert for this red flag.
legendary
Activity: 1974
Merit: 2124
Speaking of Email address then you should not make it public because that will automatically summon hackers and scammers to your mail box and use additional one mail that you are not using as your main email address.

Most users should already be aware of these recommendations, but also ideally should already be following them. Since, this is what you should be doing for every account you own. I don't quite understand why security isn't taught in IT classes early on in life. I was never taught anything about security, but everything about Microsoft Office, which is kind of funny looking back.
Exactly, they should be teaching some practical aspects in school instead of going through all those silly activities they ask children to do. In the computer subjects, the higher students are also being familiarised with the same old Microsoft Word documents and presentations to the class on some topic. I was interested in the subject, but they told us simple HTML tags to build up a website, but that also not to some extent, and everything went up in the air. Some serious changes should be made, not burdening the child but giving them practical exposure to the IT world.
legendary
Activity: 2730
Merit: 7065
3. Always avoid downloading untested software or dangerous files.
I will take it one step further. Don't download anything you don't need just because you are curious to test it out or see what it does. "Curiosity killed the cat", remember that. Stick with the stuff you know and you need. When you determine that a file is dangerous based on what it did to your system, it might already be too late and something awful already happened. Keep it far away from you if you don't know what it is.

5. Avoid logging in with a random user's mobile device...
That goes for desktop computers as well. Don't access Bitcointalk from internet cafés because you can't know what the owners have installed on those computers or what the person who used it before you did. Using a friend's PC/phone can also be dangerous. Don't use unsecure WIFI networks. The friend doesn't have to be malicious and want to hack you, but they could be infected with some malware themselves. 

7. You can carefully sign a message with your wallet address as well. This can help you prove ownership of your account in case you fall victim to account hacking, if you can sign a message with your wallet, then you can recover your forum account back.
That message needs to be stored safely as well. If you get your device hacked and someone steals your digital proof, the other person will also gain the ability to sign a message from the same address and ultimately prove they have access to the private key.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿

Maybe users can also make use of the "Secret Question" feature which might help you recover the account if it's stolen, though it is mentioned that this is not recommended since it also kind of acts like a second password, I still think that it is fine as long as you create an answer which someone should not be able to guess easily. (was there any history here where a user successfully retrieved the account using this feature?). Probably, in relation to forum security, signed message really will help recovering the account.

There was a good story on the vulnerability of security questions. Whoever has the question is practically exposing himself to the possibility of being hacked. If a hacker is puzzled by such a problem, I think by the method of selection, he could do it.
Welsh explained everything well, but for better understanding, I think there will be a few topics of interest that should change their attitude towards setting a security question.

https://bitcointalksearch.org/topic/m.60529210

https://bitcointalksearch.org/topic/m.54280403
sr. member
Activity: 2506
Merit: 368
I'll add few more tips:
1. Hide your email address from the public: go to Profile --> Account Related Settings.
2. Never ever participate in any bounties; someone might use your address or social media accounts on purpose, so when a scam buster finds you're linked to another user and participating in the same campaign, you will get negative feedback.
3. You must use a very strong password or update your password regularly, e.g. once a month.


Isn't it common to protect your personal account or maybe don't try to login to any other site except the legit one which in most cases are the causes of getting hacked. Then avoid using your personal email to any other site or use the same email on every site you try to register and most of all be wary everything about your account security. That's the first thing someone should do and don't let your account be as common as most newbies here I'm sure that would add some extra security with your account.

Once you created an account explore the settings of your profile down to securing everything to avoid most common problem about hacked account.