
[PREVENT] Compromised Accounts

Krish

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

skinhead said:
He scammed out, lmfao
he tryna cover his tracks but hes too stupid

If he had that 2step we'd know for 100% sure it was him. Then the excuse "I WAS COMPROMISED" would never again exist on forumkorner.
 

illusion

Active Member
Reputation
0
RE: [FIX] Compromised Accounts

@hassam = dum arab
nothing else to say wllah
 

Hurt

Active Member
Reputation
0
RE: [FIX] Compromised Accounts

I believe this idea is already in the works, note this photo:
dK23Md8.png

Clicking that link currently takes you here but it's a blank page.

This idea should 100% be implemented though because it would make deals on-site more secure and would stop the "I was compromised" in scams.
It's not FK's job to protect users from being compromised, but this idea would just make the whole site feel more secure overall.
 

Krish

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

Totodile said:
I believe this idea is already in the works, note this photo:
dK23Md8.png

Clicking that link currently takes you here but it's a blank page.

This idea should 100% be implemented though because it would make deals on-site more secure and would stop the "I was compromised" in scams.
It's not FK's job to protect users from being compromised, but this idea would just make the whole site feel more secure overall.

It's blank because I think it came with mybb
 

Fedora

Well-Known Member
Reputation
0
RE: [FIX] Compromised Accounts

Maybe make it so if you log in from a different IP your account gets locked for 24 hours, and if pass changes from a different IP it's 48 hours


*Sorry if my grammar is shit, I just got a new thinkpad couple hours ago :|
 

tattoo

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

Fedoras said:
Maybe make it so if you log in from a different IP your account gets locked for 24 hours, and if pass changes from a different IP it's 48 hours


*Sorry if my grammar is shit, I just got a new thinkpad couple hours ago :|

Don't see what that would accomplish personally.
 

Krish

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

Fedoras said:
Maybe make it so if you log in from a different IP your account gets locked for 24 hours, and if pass changes from a different IP it's 48 hours
*Sorry if my grammar is shit, I just got a new thinkpad couple hours ago :|

That's just a very troublesome way of going about it and you have to think about socks5's and how close they can be (location wise) so the system doesn't detect it.


Hey, @Satan @Paladin could you guys voice your opinions on this? Like if you support the idea or not?
 

Gengar

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

Krish said:
That's just a very troublesome way of going about it and you have to think about socks.


Hey, @Satan @Paladin could you guys voice your opinions on this? Like if you support the idea or not?


I log in on a different IP every time I use FK. Several people use the VPN service I use as well. I think the only time IPs of users are looked into is when they're suspected of multi / faking being compromised.
Also, SOCKS5 usually die within 48-72 hours even when private/ VIP72. If a user has logged into FK from the same residential connection over weeks, it's probably not a socks.
 

Krish

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

Satan said:
I log in on a different IP every time I use FK. Several people use the VPN service I use as well. I think the only time IPs of users are looked into is when they're suspected of multi / faking being compromised.

Also, SOCKS5 usually die within 48-72 hours even when private/ VIP72. If a user has logged into FK from the same residential connection over weeks, it's probably not a socks.

Are there VPN Gate servers that are up 24/7? As I know those emulate home connections. Question posed here is do you think the effort to put in 2FA on FK is worth it?
 

Gengar

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

Krish said:
Are there VPN Gate servers that are up 24/7? As I know those emulate home connections. Question posed here is do you think the effort to put in 2FA on FK is worth it?

2FA won't help if the person was stupid enough to get compromised in the first place. 2FA won't work if everything the person owns is jacked.


I think a mandatory password change every 72 days or so would be pretty nice, as well as a required strong password.
There's still tons of people using uniform passwords throughout all their accounts. 

This is more of a problem with users, rather than the site. Stop using insecure email services, weak and common passwords, or sharing passes across sites.
Again, the only secure (imho) email services are https://www.autistici.org and https://www.riseup.net.

I use generated passwords from https://xkpasswd.net/s/  (WEB16)
 

Krish

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

Satan said:
2FA won't help if the person was stupid enough to get compromised in the first place. 2FA won't work if everything the person owns is jacked.
I think a mandatory password change every 72 days or so would be pretty nice, as well as a required strong password.
There's still tons of people using uniform passwords throughout all their accounts.
This is more of a problem with users, rather than the site. Stop using insecure email services, weak and common passwords, or sharing passes across sites.
Again, the only secure (imho) email services are https://www.autistici.org and https://www.riseup.net.
I use generated passwords from https://xkpasswd.net/s/  (WEB16)

You said 2FA doesn't help if everything is jacked? You'd need the physical device the 2Step QR has been loaded onto to get the code to log in to FK in the first place. I use Riseup myself and you're right, I absolutely love the service but a lot of members would have a hard time getting their hands on an invite code.

Ahh, I think you may have misunderstood, I'm talking about to PREVENT compromised accounts. I should change the title, sorry for not being clear @Satan

I agree that this is a user problem but due to how often it happens, it shouldn't be a problem for the site to help the users out by allowing an option for additional security.
 

Gengar

User is banned.
Reputation
0
RE: [FIX] Compromised Accounts

Krish said:
You said 2FA doesn't help if everything is jacked? You'd need the physical device the 2Step QR has been loaded onto to get the code to log in to FK in the first place. I use Riseup myself and you're right, I absolutely love the service but a lot of members would have a hard time getting their hands on an invite code.

I offer free invites to anyone who asks me. I made a thread about it when I first signed up, but someone deleted that thread.
It really depends on the method for 2FA; 

SMS, Call, and email 2FA are obsolete and insecure.

A code being sent to the physical device is the only 2FA that I'd recommend. 

3/4 most common 2FA is enough for me to say most 2FA is pointless, but I didn't know FK had the potential for the last.
 

Krish

User is banned.
Reputation
0
Satan said:
A code being sent to the physical device is the only 2FA that I'd recommend.

Can I put you down as you supporting the idea of implementing Google Authentication?
 

Gengar

User is banned.
Reputation
0
Krish said:
Can I put you down as you supporting the idea of implementing Google Authentication?

Sure, I'm all for it so I don't have to see someone making a new post every 24 hours because their Yahoo had the same password as their Instagram and Facebook.
 

Krish

User is banned.
Reputation
0
Satan said:
Sure, I'm all for it so I don't have to see someone making a new post every 24 hours because their Yahoo had the same password as their Instagram and Facebook.

Thanks for the support on this. It would get rid of all the real occurrences of hijacking and all the "fake" occurrence excuses.


Added a list of people backing it up @Philly
 

Color

Well-Known Member
Reputation
0
Generally, the accounts that are vulnerable are those yet to be banned from pre-2013, when the database was leaked, that haven't signed in to secure their account. Aside from this, the rest are usually an issue on the user's side. There is a two step authentication setting in the UCP, accessible to all who deem necessary. It's been made very clear that this excuse won't fly. Unfortunate for some, but a comfortable precaution.

This does bring a thought up for me, though. I'll run it by.
 

Krish

User is banned.
Reputation
0
Color said:
Generally, the accounts that are vulnerable are those yet to be banned from pre-2013, when the database was leaked, that haven't signed in to secure their account. Aside from this, the rest are usually an issue on the user's side. There is a two step authentication setting in the UCP, accessible to all who deem necessary. It's been made very clear that this excuse won't fly. Unfortunate for some, but a comfortable precaution.

This does bring a thought up for me, though.  I'll run it by.

The UCP Link doesn't work for any of us as @Totodile stated.
 

Kimble

Member
Reputation
0
Seems like a really thought-out idea. I agree with this being implemented, even though my opinion couldn't mean less at the moment.
 

espionage

User is banned.
Reputation
0
this suggestion should not be accepted simply due to the fact that you got your own shit compromised.
 