AlphaStorm

Again about security


Hello. I'm writing about the incident on Stake.com

This evening my account was robbed. In the process of the bot as shown in the screenshot. I'm not asking you to return the coins to me, the loss was small, 250k eth. But I want to suggest adding proof of transfers between players by 2-fa.

At that time, I did not have 2-fa on my account, due to rare use. (there were some problems with using the bot).

I also strongly recommend that all players need to install 2-fa protection, so you will avoid similar incidents. I also received another proof that an unprotected account very quickly becomes a victim of hackers.

 


Hi @AlphaStorm,

Adding an option to have 2FA on withdrawal is redundant since you can just tip balance away. And allowing for 2FA on tipping is not something that is necessary if 2FA is enabled on login. This is probably something we can't arrange because we don't see a foreseeable way to add 2FA to tipping.

There's no reason why 2FA can't be enabled on DiceBot for login.

Just now, Dan said:

Hi @AlphaStorm,

Adding an option to have 2FA on withdrawal is redundant since you can just tip balance away. And allowing for 2FA on tipping is not something that is necessary if 2FA is enabled on login. This is probably something we can't arrange because we don't see a foreseeable way to add 2FA to tipping.

2fa at the entrance is not a 100% guarantee of protection. simple phishing and getting the cookies of the current session easily bypasses 2fa. after simply transferring the balance to your account and withdrawing it.

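The point made in the post above (a stolen session cookie gets past login-only 2FA), shown as an added example that is not part of the original thread and not the site's code: a server-side check that asks for a fresh TOTP code on tipping and withdrawal. `Account`, `handle` and the action names are assumptions made for illustration; the secret used with it is the RFC 4226 test key.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)
# Constructed sample secret: base32 of the RFC 4226 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, counter, digits=6):
    """RFC 4226/6238 one-time code (HMAC-SHA1) for a given time-step counter."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Account:  # hypothetical account record
    def __init__(self, balance, secret_b32):
        self.balance = balance
        self.secret = secret_b32
        self.last_counter = -1  # highest time step already used (replay guard)

def check_code(acct, code, now):
    """Accept the current or previous time step, and each step only once."""
    current = int(now) // STEP
    for counter in (current, current - 1):
        if counter > acct.last_counter and hmac.compare_digest(
                totp(acct.secret, counter), str(code)):
            acct.last_counter = counter
            return True
    return False

# Actions that move value out of the account need a fresh code (assumed names).
SENSITIVE = {"tip", "withdraw"}

def handle(acct, session_ok, action, amount, now, code=None):
    """A valid session alone is enough to bet, but not to tip or withdraw."""
    if not session_ok:
        return "denied: no session"
    if action in SENSITIVE and (code is None or not check_code(acct, code, now)):
        return "denied: 2FA code required"
    if amount > acct.balance:
        return "denied: insufficient balance"
    acct.balance -= amount
    return "ok"
```

A request that carries only a valid session is refused for `tip` and `withdraw`, and a code that has already been accepted is refused on replay.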
38 minutes ago, AlphaStorm said:

2fa at the entrance is not a 100% guarantee of protection. simple phishing and getting the cookies of the current session easily bypasses 2fa. after simply transferring the balance to your account and withdrawing it.

But then we would need to add a setting for 2FA to add to withdrawals and tipping, which would also need 2FA for settings the settings, which is a bit ridiculous. Either way, we will have a discussion and see what can be done. I do understand the importance of account security, especially since we are dealing with currency which has more attacks than most other websites.

1 hour ago, Dan said:

But then we would need to add a setting for 2FA to add to withdrawals and tipping, which would also need 2FA for settings the settings, which is a bit ridiculous. Either way, we will have a discussion and see what can be done. I do understand the importance of account security, especially since we are dealing with currency which has more attacks than most other websites.

I had a good idea. Is it possible to do something like a local pin code? When registering, it will be offered to create and download a file with account data (username / password + pin code permanent to access the settings and move the currencies inside the system) customizable option as a pin-code of the credit card.

28 minutes ago, AlphaStorm said:

I had a good idea. Is it possible to do something like a local pin code? When registering, it will be offered to create and download a file with account data (username / password + pin code permanent to access the settings and move the currencies inside the system) customizable option as a pin-code of the credit card.

A pin code could also be another good option.

8 minutes ago, AlphaStorm said:

I think it's even the easiest to perform.

But would that also mean you need a pin to bet also? What's stopping someone from wagering all your money away instead? The real solution to the problem is don't use unofficial third party clients or other websites.

Just now, Dan said:

But would that also mean you need a pin to bet also? What's stopping someone from wagering all your money away instead?

A pin for a bet has no value for a thief. Yes, he can kill the balance by betting. But personally it will not give him anything.


A three or four-digit pin code used for withdrawing and tipping sounds like a good idea for me.

It is not a lot of extra work to enter the pin each time it is needed, since it's short.

But, if you have for example a keylogger or similar phishing program installed in your PC, it will get your pin too, like it can do with your password.....

 


Hi again. And again there was a break-in. This time it's my sister's account. I'll say right away that she's new to the site and did not know much. There was no defense of 2fa. But I was embarrassed by something else. I have allocated a deposit of 200k Satoshi in the screenshot. This deposit came from the unknown. I know that purse addresses are public, but they are anonymous. You can not determine the binding of an address to any service. And I'm sure that you could not get it without having access to the site's database. I also can assume that the account was hacked earlier, but the funds were displayed with a delay. All this is very strange. Cases have become frequent. And not only on PD.

In this regard, I propose:

Set confirmation for withdrawal and transfer of funds (by mail or pin-code optional).

Anonymize the email address in the settings (ABCD*******@****.com)

 


I want to say thank you to the administration and developers for the introduction of security in translations and conclusions both on PD and on Stake. I really hoped that my proposal would be relevant. Thank you 🤙

 

5 hours ago, AlphaStorm said:

I want to say thank you to the administration and developers for the introduction of security in translations and conclusions both on PD and on Stake. I really hoped that my proposal would be relevant. Thank you 🤙

 


Love this a lot as well. It's also a bit more secure than before so they can't just withdraw or tip coins on your account. The 2FA is almost not bypassable at least on Google's side. So thanks for adding it indeed. :)

On 13/08/2018 at 04:29, AlphaStorm said:

Hello. I'm writing about the incident on Stake.com

This evening my account was robbed. In the process of the bot as shown in the screenshot. I'm not asking you to return the coins to me, the loss was small, 250k eth. But I want to suggest adding proof of transfers between players by 2-fa.

At that time, I did not have 2-fa on my account, due to rare use. (there were some problems with using the bot).

I also strongly recommend that all players need to install 2-fa protection, so you will avoid similar incidents. I also received another proof that an unprotected account very quickly becomes a victim of hackers.

 


Post in stake forum also 

23 hours ago, Aaqibking666 said:

Post in stake forum also 

Yes, I offered a 2f confirmation on this forum too. I also found out who stole the coins and how he did it. And I decided to offer this solution for security as the simplest and most reliable.

On 17/09/2018 at 11:23, AlphaStorm said:

I want to say thank you to the administration and developers for the introduction of security in translations and conclusions both on PD and on Stake. I really hoped that my proposal would be relevant. Thank you 🤙

 


As of now I have not come across this yet.

Is there a possibility to have it selectable whether on or off, at least for advanced users?

Having 2FA enabled is great but having to enter the code each and all the time could become annoying easily.

7 hours ago, Dboyeric said:

I thought account is secure once we set 2fa? 

It is, but people share their details and as a result shit happens. They are usually the ones who lose their funds because of deceit. We do our best but account sharing is not easy to combat without adding additional security measures which sadly affects everyone's gambling experience. We have introduced 2fa as a temp measure until the vault is released. 2fa on tipping is not permanent and it isn't something we want to keep around for long.

