TH can you do something about this ?? :
http://forum.bitcoin.org/index.php?topic=24988.msg349060#msg349060
Topic: TradeHill - Security Update - 2 factor authentication is live - page 2. (Read 3269 times)
interesting news. I find your take on security and how it needs to evolve to be on the right track. I do not think a fee for better security would be warranted at this stage simply because it is very early in the game yet. If it were me i would leave the service free for more than a month. Perhaps think of it as a loss leader until you reach a larger share of the trading market and by that time your transaction fees will more than cover costs and yield a profit.
Being quick to address issues and perceived issues is a big step in the right direction. Now if only it didnt take so long to fund and withdraw funds
. Keep up the good work!
Being quick to address issues and perceived issues is a big step in the right direction. Now if only it didnt take so long to fund and withdraw funds
. Keep up the good work!Thanks for your feedback.
We would like to leave it free and I can promise we will never profit off enhancing security like this. If we charge in the future it will continue to be what we pay per user at most.
This is a top notch security solution and quality is never cheap. Our goal is to lower the cost and this month will serve as a trial.
In regards to transaction times we're working on it and balancing speed vs security. Today we caught a hacked Dwolla account that would have been missed without our manual verification.
We prevented a theft of somewhere around $500 that may have gotten out if we were fully automated. Ideally speed shouldn't have to be sacrificed for security in most cases and we now have someone at the helm 24 hours a day to answer emails and review transfers. The speed and security should both be increasing simultaneously.
Regards,
Jered
This too is awesome news. Thanks for your quick reply. I have to send you a pm for something else that just popped into my head which may be very important.
interesting news. I find your take on security and how it needs to evolve to be on the right track. I do not think a fee for better security would be warranted at this stage simply because it is very early in the game yet. If it were me i would leave the service free for more than a month. Perhaps think of it as a loss leader until you reach a larger share of the trading market and by that time your transaction fees will more than cover costs and yield a profit.
Being quick to address issues and perceived issues is a big step in the right direction. Now if only it didnt take so long to fund and withdraw funds . Keep up the good work!
Being quick to address issues and perceived issues is a big step in the right direction. Now if only it didnt take so long to fund and withdraw funds
. Keep up the good work!Thanks for your feedback.
We would like to leave it free and I can promise we will never profit off enhancing security like this. If we charge in the future it will continue to be what we pay per user at most.
This is a top notch security solution and quality is never cheap. Our goal is to lower the cost and this month will serve as a trial.
In regards to transaction times we're working on it and balancing speed vs security. Today we caught a hacked Dwolla account that would have been missed without our manual verification.
We prevented a theft of somewhere around $500 that may have gotten out if we were fully automated. Ideally speed shouldn't have to be sacrificed for security in most cases and we now have someone at the helm 24 hours a day to answer emails and review transfers. The speed and security should both be increasing simultaneously.
Regards,
Jered
I agree, make it "free"... you can make money through trades.
interesting news. I find your take on security and how it needs to evolve to be on the right track. I do not think a fee for better security would be warranted at this stage simply because it is very early in the game yet. If it were me i would leave the service free for more than a month. Perhaps think of it as a loss leader until you reach a larger share of the trading market and by that time your transaction fees will more than cover costs and yield a profit.
Being quick to address issues and perceived issues is a big step in the right direction. Now if only it didnt take so long to fund and withdraw funds . Keep up the good work!
Being quick to address issues and perceived issues is a big step in the right direction. Now if only it didnt take so long to fund and withdraw funds
. Keep up the good work!
Announcing the availability of Two Factor Authentication!
It's live, free and you can enable it in your profile (click your email address when logged in).
Security is always paramount on the web and even more important with Bitcoin.
The “ease of sending large funds globally” unfortunately has the potential to become the “ease of stealing large funds globally”.
With this in mind TradeHill set out to find well qualified security experts. Our search led us to Dug Song, Jon Oberheide and their team at Duo Security.
Regarding their qualifications and why we have decided to team up with them on this:
Dug Song, co-founder and CEO of Duo Security was most recently Chief Architect, Cloud Computing at Barracuda Networks, the worldwide
leader in e-mail and web security appliances, and previously VP Engineering at Zattoo, a worldwide online cable operator
which he helped grow 10x to 5 million European subscribers in 24 months. Dug spent 7 years as founding engineer and Chief
Security Architect at Arbor Networks (over $120M annual revenue before acquisition by Tektronix in 2010), capturing over
70% of the world’s Tier-1 service providers, and the largest enterprise and defense networks. Prior to Arbor, Dug built the first
commercial network anomaly detection system at Anzen Computing – acquired by NFR Security, acquired by Check Point
(CHKP). He is well-known for his contributions to the security / open-source community, including OpenBSD and OpenSSH.
Jon Oberheide, co-founder and CTO, was a previously security researcher and PhD candidate at the University of Michigan.
His research has resulted in over 20 publications and talks, been featured in mainstream and international press (such as his
recent break of the Chinese Green Dam censorware), resulted in multiple provisional and subsequent patent applications, and
pioneered the development of cloud-based detection of malicious software. Jon has also held R&D positions at Merit
Networks and Arbor Networks, and is a frequent speaker at academic and industry security conferences on topics related to
malicious software, cloud/virtualization security, and mobile device security.
How this will work for our users:
For detailed information visit their site at http://www.duosecurity.com/docs/authentication
We are offering 5 ways to authenticate your TradeHill login. All are optional, if you do not wish to activate 2 factor-authentication it won't be required.
You can activate this in your profile (click your email address when logged in)
Phone callback – You will receive a call, push a predesignated key to authenticate
Passcodes via SMS – Duo will send you a set of passcodes used to login
Passcodes via Duo Mobile - Your phone will generate a passcode (works offline)
Duo Push – Your phone will be sent a request when you try to log in
Hard tokens – We can ship you a physical token that will be used to login
The beauty of their system is how quick and simple it is to both implement and use. Within minutes you can be up and running.
Additionally there are even more advanced security features for Duo Push. Selecting Duo Push will "push" a login request to your phone.
You can review the specifics of the request (integration, location, etc.) and then approve or deny it instantly.
Click here for a quick 30 second video showcasing the various methods: http://www.youtube.com/watch?v=7N8pBVAWLwU
What will this enhanced security feature cost the user?
For the first month absolutely nothing. After we have evaluated the system in our live environment we will either continue to provide the service free of charge or deduct at most $0.99 (or BTC equivalent). If we can justify charging less we will. We feel confident that we can and the fee will most likely be lower. If we are able to pick up the tab completely ourselves then we will continue to offer the service for free. Regardless in the absolute worst case scenario this service will never cost the user more than $0.99 (or BTC equivalent) per month. In the event we need to charge a fee for this service, we will announce it well ahead of time.
Your feedback is greatly appreciated as always. I want to personally thank the community for everything you've given us and we would like to continue to provide you a safe and trusted place to exchange Bitcoins. We will be on onlyoneTV with Bruce today (July 13th) at 2PM EST and happy to speak more about upcoming changes to TradeHill and Bitcoin. If you have any questions please email us at [email protected]
Regards,
Jered Kenna
TradeHill.com
www.facebook.com/tradehill
www.twitter.com/tradehill
Edit: I forgot to mention that at this point Duo Sec limits one user per mobile device but they have said this should change by the end of the month.
It's live, free and you can enable it in your profile (click your email address when logged in).
Security is always paramount on the web and even more important with Bitcoin.
The “ease of sending large funds globally” unfortunately has the potential to become the “ease of stealing large funds globally”.
With this in mind TradeHill set out to find well qualified security experts. Our search led us to Dug Song, Jon Oberheide and their team at Duo Security.
Regarding their qualifications and why we have decided to team up with them on this:
Dug Song, co-founder and CEO of Duo Security was most recently Chief Architect, Cloud Computing at Barracuda Networks, the worldwide
leader in e-mail and web security appliances, and previously VP Engineering at Zattoo, a worldwide online cable operator
which he helped grow 10x to 5 million European subscribers in 24 months. Dug spent 7 years as founding engineer and Chief
Security Architect at Arbor Networks (over $120M annual revenue before acquisition by Tektronix in 2010), capturing over
70% of the world’s Tier-1 service providers, and the largest enterprise and defense networks. Prior to Arbor, Dug built the first
commercial network anomaly detection system at Anzen Computing – acquired by NFR Security, acquired by Check Point
(CHKP). He is well-known for his contributions to the security / open-source community, including OpenBSD and OpenSSH.
Jon Oberheide, co-founder and CTO, was a previously security researcher and PhD candidate at the University of Michigan.
His research has resulted in over 20 publications and talks, been featured in mainstream and international press (such as his
recent break of the Chinese Green Dam censorware), resulted in multiple provisional and subsequent patent applications, and
pioneered the development of cloud-based detection of malicious software. Jon has also held R&D positions at Merit
Networks and Arbor Networks, and is a frequent speaker at academic and industry security conferences on topics related to
malicious software, cloud/virtualization security, and mobile device security.
How this will work for our users:
For detailed information visit their site at http://www.duosecurity.com/docs/authentication
We are offering 5 ways to authenticate your TradeHill login. All are optional, if you do not wish to activate 2 factor-authentication it won't be required.
You can activate this in your profile (click your email address when logged in)
Phone callback – You will receive a call, push a predesignated key to authenticate
Passcodes via SMS – Duo will send you a set of passcodes used to login
Passcodes via Duo Mobile - Your phone will generate a passcode (works offline)
Duo Push – Your phone will be sent a request when you try to log in
Hard tokens – We can ship you a physical token that will be used to login
The beauty of their system is how quick and simple it is to both implement and use. Within minutes you can be up and running.
Additionally there are even more advanced security features for Duo Push. Selecting Duo Push will "push" a login request to your phone.
You can review the specifics of the request (integration, location, etc.) and then approve or deny it instantly.
Click here for a quick 30 second video showcasing the various methods: http://www.youtube.com/watch?v=7N8pBVAWLwU
What will this enhanced security feature cost the user?
For the first month absolutely nothing. After we have evaluated the system in our live environment we will either continue to provide the service free of charge or deduct at most $0.99 (or BTC equivalent). If we can justify charging less we will. We feel confident that we can and the fee will most likely be lower. If we are able to pick up the tab completely ourselves then we will continue to offer the service for free. Regardless in the absolute worst case scenario this service will never cost the user more than $0.99 (or BTC equivalent) per month. In the event we need to charge a fee for this service, we will announce it well ahead of time.
Your feedback is greatly appreciated as always. I want to personally thank the community for everything you've given us and we would like to continue to provide you a safe and trusted place to exchange Bitcoins. We will be on onlyoneTV with Bruce today (July 13th) at 2PM EST and happy to speak more about upcoming changes to TradeHill and Bitcoin. If you have any questions please email us at [email protected]
Regards,
Jered Kenna
TradeHill.com
www.facebook.com/tradehill
www.twitter.com/tradehill
Edit: I forgot to mention that at this point Duo Sec limits one user per mobile device but they have said this should change by the end of the month.
Jump to: