Pages:
Author

Topic: Whats your take on adding 2FA key as a Bitcointalk account security features. - page 3. (Read 620 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Signing a message became meaningless many years ago when it was uncovered accounts were being sold WITH a corresponding priv key to a wallet address that had been staked.
2FA isn't meant to stop account sales, it's meant to stop accounts from getting compromised.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I have nothing against additional security when it comes to our BTT accounts, but I wonder to what extent even 2FA would protect those who behave carelessly in protecting their private data. As we know, most CEX (perhaps even all of them) have some type of 2FA, but even such accounts are often hacked, because no one should be fooled that 2FA is some kind of ultimate solution for absolute security.



To protect and increase your account security regularly changing of passwords can also help to improve your account safety. security.
~snip~

If I have a strong password that consists of, say, 20+ random characters, and if that same password is stored in a way that I'm sure it's accessible only to me, what's the point of regularly changing the password? It can even be counterproductive if you pick up a keylogger in the meantime, and by changing your password you actually compromise yourself.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Signing a message became meaningless many years ago when it was uncovered accounts were being sold WITH a corresponding priv key to a wallet address that had been staked.

It's a dead end security feature.

The same for PGP/GPG keys which can likewise be ported.
hero member
Activity: 1428
Merit: 653
Leading Crypto Sports Betting & Casino Platform
To protect and increase your account security regularly changing of passwords can also help to improve your account safety. As reputable user you don't need to stressed yourself much and besides the dream of this forum is enable everyone has a seamless access and will power to control their account without any restrictions that limit people especially newbies not to have the utmost accessibility to the forum. The forum is place to teach and learn things that are related to bitcoin advancement and progression, adding any restrictions is like bridging the mission of Bitcointalk forum, henceforth any one and everyone are liable for their account security.
full member
Activity: 952
Merit: 232
I was thinking more in the direction as to why it couldn't be possible to develop this Bitcointalk forum into an app that can be downloaded, or if it already exists, or the idea had been downplayed, please hint.
Otherwise and still, any good thought as this concerning security and privacy of accounts is always a welcomed read for me.
hero member
Activity: 798
Merit: 1045
Goodnight, ohh Leo!!! 🦅
The fuckin' SMF patch is yet to be enacted by Theymos... This also makes me feel he sees everything that's happening in here.., especially here in the meta- verse  Tongue  he gave some merit to the post as well
I keep saying this - If it ain't safe, then it ain't worth the stress this whole time.... I don't think anyone would stay happy if Thier accounts are compromised all of a sudden.

Sandra 🧑‍🦰
legendary
Activity: 2170
Merit: 1789
Recently, Google added the option of restoring the service by uploading data to the cloud, and certainly your data may be shared across several parties on the Internet. So Google authentication is bad for privacy and security.
If it is an option, does this mean by default they won't do it? It would be terrible if they store your secret key somewhere and allowed someone to access it to expose everything.

As much as 2FA is important, but all the data in this forum is available to everyone, there is rarely anything of interest in PM, and the steps to recover the account are quick, hacking forum accounts is nothing more than sabotage activity or for personal reasons.
It would be different for each user of course. A legendary account that has records of trading or something similar is a good target to attack if they want to scam someone. A good example is also given above. Adding more security features is always a welcome addition as long as it doesn't compromise anything else imo.
legendary
Activity: 1596
Merit: 1288


So why don't we add a Google authentication option as a security feature to the forum? This could prevent from account being stolen if the user never showed up after a long period of inactivity or his password has been compromised.
Recently, Google added the option of restoring the service by uploading data to the cloud, and certainly your data may be shared across several parties on the Internet. So Google authentication is bad for privacy and security.

As much as 2FA is important, but all the data in this forum is available to everyone, there is rarely anything of interest in PM, and the steps to recover the account are quick, hacking forum accounts is nothing more than sabotage activity or for personal reasons.
sr. member
Activity: 854
Merit: 424
I stand with Ukraine!
Many times it was asked and Bitcointalk with SMF software will not deploy it offcially. It is also because of limited human resource as theymos is the only who manage the forum software and he does not want to deploy new things which can cause potential security problems.

You must know that 2FA is not a perfect protection for your account if you have practice. If your practice is good with password, Internet using, it is enough to protect your account without 2FA.

Stake your Bitcoin address, message and PGP key too.

[Guide] How to use strong and secure password
Stake your PGP key here
Stake your Bitcoin address and message here
hero member
Activity: 770
Merit: 538
Leading Crypto Sports Betting & Casino Platform
When you can prove authenticity by signing a message from any of your old/staked bitcoin address. why bother having 2FA? Learn to sign message if you are worried about account comprising.

There's a need for 2FA integration in the forum. just as PowerGlove has also suggested on the thread provided by un_rank, and many reputable members have also concurred with the idea because of the importance of more security features.

Imagine someone gaining access to your account and taking a non-collateral loan of $5,000, or maybe the person posts a malware link that results in your account being banned.

e.g. Someone Loan using My Account
hero member
Activity: 1554
Merit: 880
pxzone.online
... I don't  think Theymos has the intention of implementing 2FA authentication in this forum anytime soon.
He is, and theymos already give a thumbs up on what PowerGlove is creating[1], it will be up anytime soon actually. But let's see until theymos implement it successfully coz it's something a pain in the as merging to the current forum.

[1] https://bitcointalksearch.org/topic/a-concise-2fatotp-implementation-smf-patch-5457330
hero member
Activity: 644
Merit: 661
- Jay -
2FA is a good security measure to prevent account thefts and has been suggested several times on the forum. Staked address is a measure to restore an already stolen account which can already have some damage dealt to the user, but 2FA prevents the damage from happening if done properly from the user.

@PowerGlove created an SMF patch [1] to make it easier for theymos and he dropped some merits there suggesting that theymos is open to including it just as he did with the OP tag on the thread starter. Let us wait a bit and see if any changes occur.
A user can add secret questions
Secret questions have been disabled on the forum due to security risk.

So why don't we add a Google authentication option as a security feature to the forum?
2FA is good, but Gogle authenticator is the worst privacy option. There are so many preferred ones which the forum can use, or opt for the one created by a forum user.

[1] https://bitcointalksearch.org/topic/a-concise-2fatotp-implementation-smf-patch-5457330

- Jay -
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
When you can prove authenticity by signing a message from any of your old/staked bitcoin address. why bother having 2FA? Learn to sign message if you are worried about account comprising.
Signing a message from staked address is solution of issue when account already got compromised. But until case with your account will be resolved, hacker can make significant damage for you. While having 2FA would be prevention that such things wouldn't happen.
hero member
Activity: 1358
Merit: 851
When you can prove authenticity by signing a message from any of your old/staked bitcoin address. why bother having 2FA? Learn to sign message if you are worried about account comprising.
hero member
Activity: 700
Merit: 541
Bitcoin Casino Est. 2013
This has been discussed several times and with what I have seen I don't  think Theymos has the intention of implementing 2FA authentication in this forum anytime soon.

Do you agree to have 2fa Authentication on Bitcointalk.org?
2-Factors Authentication
TopicsDatewritten by
_____________________________________________________________________________________________________________________
Can bitcointalk.org get 2 factor authentication?17/4/2013StevenPine
Why doesn't Bitcointalk support 2FA?14/5/2016cryptoheadd
2FA on bitcoin talk05/9/2017dreamer81
Isn't it time to introduce 2FA to enhance user account security ?24/3/2018DdmrDdmr
Bitcointalk.org 2FA option/feature13/11/2018tiikol
Should there be an option of adding 2fa for forum accounts?30/5/2019iamsheikhadil
full member
Activity: 504
Merit: 212
Bitcointalk is a well-known forum in the crypto industry where being a reputable member is like a dream for many. There are some security measures that can be taken to protect your bitcoin talk account from being stolen or hacked. A user can add secret questions, and stake their BTC address in the forum to protect their account. Despite this sometimes accounts got hacked and are taken by hackers.

So why don't we add a Google authentication option as a security feature to the forum? This could prevent from account being stolen if the user never showed up after a long period of inactivity or his password has been compromised.
Pages:
Jump to: