Which of the two will you choose as a gambler?

webtricks

legendary

Activity: 1918

Merit: 1728

Thank you everyone for your suggestions. I have read all posts and even though voting shows 50/50 response but the overall conclusion is that most of the people prefer Option 1 as they prefer for convenience and ease the most. With additional 2FA layer, everything is quite safe, making Option 1 the preferable choice among casinos and players.

The team was considering Option 2 because it has more flavor for cryptocurrency users. A person who prefers keeping full control of his funds (by using cryptocurrencies with private key security) would like keeping full control of his casino account too. But it turns out, people don't consider that much.

Some people questioned that Option 1 is completely safe and there's no reason why one should make things more complicated by using Option 2. Well, to certain degree that's true. But every system that is dependent on third party (email in this case) cannot be considered entirely safe. There is high chance that important information may leak in transition which is entirely out of user's control.

Quote from: TheGreatPython on May 05, 2020, 01:52:44 AM

This gives me a new idea where the gambling sites could actually ask the gambler to choose their own security option and the gambler knows if he will be playing small or big and hence he can decide the method based on that.

I don't think any website would do this because it will make very difficult to maintain single database and unnecessarily create complication in the working of MVC (Model-View-Controller).

TheGreatPython

sr. member

Activity: 2660

Merit: 339

Quote from: noormcs5 on May 02, 2020, 06:10:50 PM

Quote from: webtricks on May 01, 2020, 02:11:05 AM

Option 1: Email Based Authentication

Option 2: Keys Based Authentication

I will go with the email based authentication. I am a part time gambler and therefore i do not put a big amount of money on gambling sites. So i will prefer an easy authentication method based on email. If i had a lot of money deposited on gambling sites, then for sure the Keys Based Authentication best suited me.

This gives me a new idea where the gambling sites could actually ask the gambler to choose their own security option and the gambler knows if he will be playing small or big and hence he can decide the method based on that.

There can be another way where the website asks you a simple security code of 6 digits and you just have to remember that and enter it every time you withdraw this times both energy, time and resources. Alternative you can set some security questions maybe that you can answer and withdraw your funds and there are numerous other ways to set a easy yet string security for gamblers.

Japinat

hero member

Activity: 3052

Merit: 685

We got a tied votes here, : option 1 : 17 and option 2 :17

I voted for option 2 because I like my account to be safer, IMO, email can be hacked easily so it's right to secure your account with key based.
Personally, I have done that to many of my gambling site accounts, in different gambling sites of course and I hope all gambling site will add that kind of security features to ensure the safety of the users account.

xSkylarx

hero member

Activity: 2366

Merit: 594

The safest would be option 2. It is just like keeping your own seed to make sure your account is secured. In option 1, once your e-mail had been compromised by a hacker, the password and any other access can be changed. Each has their own strength, convenience and weaknesses, it all depends on how you keep your credentials secured and your computer clean..

deisik

legendary

Activity: 3514

Merit: 1280

English ⬄ Russian Translation Services

Quote from: coinfinger on May 04, 2020, 03:53:45 PM

The first option is good but it reminds me of a incident where a scammer used a new trick to collect emails, he would offer a lucky draw and you just have to enter your email id and hence you feel no problem and later they will use those email ids to try and brute force passwords and then sell the ids for spam

You can't brute force a 2FA code

For the simple reason it is a time-based one-time pass code (the most widespread variety that I know of). It changes every minute, and after it expires it is less than useless. The only way to get around 2FA is to get the secret phrase (or a QR-code associated with it). But if you are using a mobile device for its generation, to pull off this trick would require hacking both your email and the device itself. Not a totally impossible task on its own but a feat that would most certainly call for more than just one method of penetration, like a lot of social engineering coupled with direct physical access (forum was partially hacked this way a few years ago)

coinfinger

sr. member

Activity: 1638

Merit: 278

I prefer the 2nd method because while it is more time consuming but it offers complete security and there is no way someone can access my coins and withdraw them.

The first option is good but it reminds me of a incident where a scammer used a new trick to collect emails, he would offer a lucky draw and you just have to enter your email id and hence you feel no problem and later they will use those email ids to try and brute force passwords and then sell the ids for spam.

I always thought there could be a easy way to security but for now the 2nd one is the best even though its a bit of time consuming.

blockman

hero member

Activity: 3066

Merit: 629

Vave.com - Crypto Casino

Quote from: kayvie on May 04, 2020, 06:18:15 AM

Option 1 is what we often used but I don't think that it is easy to hack just like you have said. Email also has their 2FA (SMS verification or authenticator) and that is something that really secures our email. It indeed requires an additional device to activate or to do the verification but it is better since it helps to secure your account.

Ohh yes, I forgot about the authenticator that our email does whenever someone, a stranger logs in from an unknown IP.
It will be questioned by the email provider and that's another security for the email authenticator that we used to register. The 2FA authenticator is another additional security that everybody should add.

deisik

legendary

Activity: 3514

Merit: 1280

English ⬄ Russian Translation Services

Quote from: webtricks on May 01, 2020, 02:11:05 AM

Always need additional device (phone) to login (for 2FA code)

In fact, you don't necessarily need anything extra for 2FA (like a cellphone or whatever). Just use a browser plugin instead and you are good to go. I'm using one myself for sites where 2FA is a requirement (with Google Chrome)

Quote from: webtricks on May 01, 2020, 02:11:05 AM

Then a private code (long alphanumeric) will be generated for you and encoded with the help of password you entered in first step. Now you have to store private code somewhere safe. There onward, you have to paste private code and password to login into system

I don't really see how it is different from going with password only. Your scheme would make our lives more difficult, not more secure, as far as I can tell. If they can steal your password, they will be able to steal your pass code as well. So the conclusion is simple and straightforward, 2FA does add to more security overall, while the second option presented does not (unless I'm missing something)

LbtalkL

full member

Activity: 1176

Merit: 162

I prefer Option 2, I am concern with my info. Sometimes email-based authentication requires some permission to access your personal info, like numbers, birthday, etc. With this small info, they can try to hack or bypass and access our emails or some accounts, I am really concern with privacy and security. But in option 2 you need to store your keys carefully so that it cannot be stolen.

matchi2011

sr. member

Activity: 1456

Merit: 267

Buy $BGL before it's too late!

Quote from: kayvie on May 04, 2020, 06:18:15 AM

Option 1 is what we often used but I don't think that it is easy to hack just like you have said. Email also has their 2FA (SMS verification or authenticator) and that is something that really secures our email. It indeed requires an additional device to activate or to do the verification but it is better since it helps to secure your account.

If you understand how to secure your account just like what you have said, email can also be secured by means of 2fa if you configured and activate this from your account, regarding to option number 2 it's also good since you don't need to provide any information best for gamblers who wanted to have full anonymity to, types of players who wanted to play and go.

Distinctin

hero member

Activity: 2926

Merit: 657

No dream is too big and no dreamer is too small

I consider 2FA as the highest level of account security but should it needs to have it? Maybe it is not the ideal thing when you are not a big-time gambler because having $100 inside won't give the interest of the other people and that email confirmation is good enough. In fact, I didn't do any 2FA coz I see a big problem if ever I lost my phone and it is really hard to recover by then, but using option 1 could make you easy to access.

One thing we should have to do to make it safe, we must be careful in visiting sites.

7788bitcoin

legendary

Activity: 2282

Merit: 1023

I like the concept of Keys Based Authentication but i have not seen any site giving that option, in all the gambling site i enrolled i usually go with Email Based Authentication and would enable 2FA authentication and that too not mandatory for several sites until i deposit.

@OP are you planning to release your own gambling site with a key based authentication as i have seen your Face-Off game, can you list a couple of sites that has this feature enabled so that i wanted to try that out.

kayvie

sr. member

Activity: 1022

Merit: 257

Option 1 is what we often used but I don't think that it is easy to hack just like you have said. Email also has their 2FA (SMS verification or authenticator) and that is something that really secures our email. It indeed requires an additional device to activate or to do the verification but it is better since it helps to secure your account.

kotajikikox

full member

Activity: 2548

Merit: 217

Quote from: famososMuertos on May 03, 2020, 07:32:55 PM

Actually I have never seen weakness in either of these two methods in fact both are very safe the weakness on the part of the users.

Of course it is our responsibility to become safer because this is our money and we are the one who needs to keep the precautions.
but there are instances that hackers or scammers mislead us and we cannot really prevent this in a lifetime.

Quote from: famososMuertos on May 03, 2020, 07:32:55 PM

In my case I move very well between both systems, by the way not all betting sites offer both systems at the same time, so in general what predominates is method one.

Well that is mostly activated in gambling sites but Of course Email is mostly prone to scammers and sometimes hackers so better be aware and make sure to not clicking links instantly.

Hippocrypto

sr. member

Activity: 1484

Merit: 277

Quote from: famososMuertos on May 03, 2020, 07:32:55 PM

Actually I have never seen weakness in either of these two methods in fact both are very safe the weakness on the part of the users.

In my case I move very well between both systems, by the way not all betting sites offer both systems at the same time, so in general what predominates is method one.

Yeah it's good that indeed if we're using those systems, but first and foremost email authentication is the only way to make it more safer. That's why we should have a legit mails to use and avoid any aliases, or even your mobile numbers must always be legit one. As a gambler we must be transparent to every transactions made to avoid any mess in the future.

robelneo

legendary

Activity: 3416

Merit: 1225

I always prefer the email authentication the cons you mentioned between the two favors the email authentication many people prefer that way
if you know how to fully secure your email it will be the best file keeper, I'm confident that all my files and keys are safe using my email, use all the available authentication for your email.

famososMuertos

legendary

Activity: 1918

Merit: 3047

LE ☮︎ Halving es la purga

Actually I have never seen weakness in either of these two methods in fact both are very safe the weakness on the part of the users.

In my case I move very well between both systems, by the way not all betting sites offer both systems at the same time, so in general what predominates is method one.

Oilacris

hero member

Activity: 2996

Merit: 609

Quote from: chaser15 on May 03, 2020, 04:54:07 PM

I disagree with option 1 that it's easy to hack and be brute-forced. It's possible but I don't think it will happen all the time. Just make sure that everything was set up securely and we should already know how to do this.

I found it hassle if these gambling sites will have the same feature as most exchanges today. Email-based should be enough and have the support help you just in case of account recovery.

It should be enough and its been used mostly by gambling sites.It doesnt really need to be that complicated because gamblers do come and go
which means account security wont matter much because most of them would bust up in the end of the day. Grin

But well option 2 is good but not really that much important because creating a new gambling account is easy as 1,2,3 but doesnt need to complicate
things up because email system is enough, yes it is less secured but its not really that a big issue in talks here on gambling field.

chaser15

legendary

Activity: 2688

Merit: 1065

Undeads.com - P2E Runner Game

I disagree with option 1 that it's easy to hack and be brute-forced. It's possible but I don't think it will happen all the time. Just make sure that everything was set up securely and we should already know how to do this.

I found it hassle if these gambling sites will have the same feature as most exchanges today. Email-based should be enough and have the support help you just in case of account recovery.

Sadlife

sr. member

Activity: 1400

Merit: 269

I like email based authentication rather key code based security because once you've lost your private keys there's no way to recover your account. If ever that account gets hack or you've forgotten the password, why i prefer email based security is because some email provider sites now uses anti brute force security and implemented 2nd layer of security and that is captcha.

Topic: Which of the two will you choose as a gambler? (Read 645 times)