
Dear BST Users (and other concerned parties)!!!!!


Comments

  • MsMorrisine Posts: 35,730 ✭✭✭✭✭

    @U1chicago said:

    @MsMorrisine said:
    how about 3 failed login attempts it locks your account until the next morning and sends an email to the user

    It probably needs to start with an email when a password or email is changed. It does not look like these passwords are being guessed, so the 3 failed attempts might not catch the hacker (although it could still be a decent added feature).

    maybe all of the above, but once a password is changed, it's too late

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • U1chicago Posts: 6,503 ✭✭✭✭✭

    @Project Numismatics said:

    @U1chicago said:

    @blitzdude said:
    Beware @JimTyler 's account is now hacked. RGDS!

    The scary thing is that he might have actually changed his password and it still happened. He started a thread about it not long ago:

    https://forums.collectors.com/discussion/1114947/see-response-if-you-need-to-see-how-to-change-your-password#latest

    In that case, makes me think this site has been compromised and remains compromised.

    I'm not ready to say that is true but it's possible. There is a chance that Jim did not actually change his password.

  • OnBendedKnee Posts: 311 ✭✭✭

    If we all pitch in and start a Go-Fund-Me campaign, maybe we can pay off this exorbitant water bill and the guy won't have to resort to a life of crime.
    Turn the other cheek, so to speak.

  • justindan Posts: 840 ✭✭✭✭✭

    @chattermonkey said:
    @PCGS_Moderator I know 2FA isn’t perfect, but it’d probably stop a lot of the account hijackings we’ve been seeing lately. Might be worth looking into

    You can enable 2FA on your PCGS account via the PCGS.com site. Click Account -> Change Password -> Enable 2FA.

  • Dave99B Posts: 8,684 ✭✭✭✭✭

    Dang, very sorry to hear this. :'(

    Thanks for raising the attention level on this, and yes, everyone should IMMEDIATELY change their passwords.

    Dave

    Always looking for original, better date VF20-VF35 Barber quarters and halves, and a quality beer.
  • MsMorrisine Posts: 35,730 ✭✭✭✭✭

    @justindan said:

    @chattermonkey said:
    @PCGS_Moderator I know 2FA isn’t perfect, but it’d probably stop a lot of the account hijackings we’ve been seeing lately. Might be worth looking into

    You can enable 2FA on your PCGS account via the PCGS.com site. Click Account -> Change Password -> Enable 2FA.

    this is not supported on the forum site, but i suggest everyone turn it on

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • MFeld Posts: 14,827 ✭✭✭✭✭

    @OnBendedKnee said:
    If we all pitch in and start a Go-Fund-Me campaign, maybe we can pay off this exorbitant water bill and the guy won't have to resort to a life of crime.
    Turn the other cheek, so to speak.

    Isn’t the person whose name was on the water bill the forum member whose account was hacked? If so, he’s not the one committing crime.

    Mark Feld* of Heritage Auctions
    *Unless otherwise noted, my posts here represent my personal opinions.

  • justindan Posts: 840 ✭✭✭✭✭

    It's quite possible that the accounts are being compromised through vulnerabilities in the software running on the server hosting the forum. If that's the case, changing your password will not make a difference. Only time will tell if it is related to previous large security breaches and credential stuffing or if it's localized to the PCGS forum.

    @MsMorrisine you're correct the 2FA is only for the PCGS site not forum account. I forgot they were separate.

  • Coinscratch Posts: 9,781 ✭✭✭✭✭

    FYI, Ron responded to my message through the set registry and is legit.
    Thankfully not offended enough to not buy the coin. 👍
    Actually, he was very understanding.

  • Crypto Posts: 3,867 ✭✭✭✭✭
    edited July 20, 2025 6:36PM

    That’s a shame. About a decade ago the BST was hopping and I did over 10k of business over it without 1 problem other than a buyer who wanted to return the coin over a year later and wanted a slight profit because it didn’t cac. The buyer later apologized but it was a testy exchange, but in the scheme of things not a big deal. Collectors being collectors is way better than scammers being D bags.

  • MsMorrisine Posts: 35,730 ✭✭✭✭✭

    a year and a profit. we need a block function here

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • logger7 Posts: 9,004 ✭✭✭✭✭

    CU could require more information for prospective and current members.

  • MsMorrisine Posts: 35,730 ✭✭✭✭✭

    bump

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • BStrauss3 Posts: 3,680 ✭✭✭✭✭

    A lot of the compromises are happening (elsewhere, I can't speak definitively for the coin forums) via credential stuffing.

    Over the years, billions of passwords have been compromised. If you drop the purely random ones, and sort by frequency, that gives you thousands to try against a given account.

    Just because HorseBatteryStaple seems clever, easy to remember, and long -- doesn't mean hundreds of people think they are equally clever and it gets tried.

    Honestly, the only 'secure' way is to use a password vault to generate a long unique random password with characters from each of the four groups (UPPERCASE, lowercase, numeric, and special).

    -----Burton
    ANA 50 year/Life Member (now "Emeritus")
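
Added example (not part of any forum post, and not the forum software's code): a sketch of why the per-account three-failure lockout suggested earlier in the thread misses the credential stuffing described above, and how counting distinct accounts per source catches it. The event tuples, thresholds and function names are assumptions, and the login events are constructed.

```python
from collections import defaultdict

# Constructed login events: (source_ip, account, success). Not real forum data.
EVENTS = [
    ("198.51.100.20", "frank", False),   # one user mistyping a password
    ("198.51.100.20", "frank", False),
    ("198.51.100.20", "frank", False),
    ("203.0.113.7", "alice", False),     # one source, one try per account
    ("203.0.113.7", "bob", False),
    ("203.0.113.7", "carol", True),      # a reused password that worked
    ("203.0.113.7", "dave", False),
    ("203.0.113.7", "erin", False),
    ("192.0.2.5", "gina", True),         # ordinary login
]

def per_account_lockouts(events, threshold=3):
    """Accounts locked by an 'N consecutive failures' rule."""
    streak, locked = defaultdict(int), set()
    for _ip, account, ok in events:
        streak[account] = 0 if ok else streak[account] + 1
        if streak[account] >= threshold:
            locked.add(account)
    return locked

def stuffing_sources(events, min_accounts=4):
    """Sources that try many distinct accounts and mostly fail."""
    accounts, total, failed = defaultdict(set), defaultdict(int), defaultdict(int)
    for ip, account, ok in events:
        accounts[ip].add(account)
        total[ip] += 1
        failed[ip] += 0 if ok else 1
    return {ip for ip in accounts
            if len(accounts[ip]) >= min_accounts and failed[ip] * 2 >= total[ip]}

def logins_to_review(events, min_accounts=4):
    """Accounts with a successful login from a flagged source."""
    flagged = stuffing_sources(events, min_accounts)
    return {account for ip, account, ok in events if ok and ip in flagged}

if __name__ == "__main__":
    print("locked by 3-failure rule:", per_account_lockouts(EVENTS))
    print("stuffing sources:", stuffing_sources(EVENTS))
    print("force reset and notify:", logins_to_review(EVENTS))
```

The lockout rule only catches the user who mistyped a password; the account that was actually entered never accumulated a failure, so it surfaces only through the per-source view.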
  • NJCoin Posts: 2,982 ✭✭✭✭✭

    @justindan said:
    It's quite possible that the accounts are being compromised through vulnerabilities in the software running on the server hosting the forum. If that's the case, changing your password will not make a difference. Only time will tell if it is related to previous large security breaches and credential stuffing or if it's localized to the PCGS forum.

    @MsMorrisine you're correct the 2FA is only for the PCGS site not forum account. I forgot they were separate.

    Which only tells you they are not going to invest in, or take responsibility for, transactions on what are supposed to be nothing more than message boards. The PCGS site hosts credit card information and contains lots of PII and sensitive information regarding members' holdings, so it gets the commercially reasonable protection of 2FA.

    CU likely does not want to imply any endorsement of the use of the forums for anything other than their intended use, conversation, by employing the level of security that a bank or store would. They have shown they have the technology. Its absence here is likely intentional.

    They make nothing off BST transactions, don't stop us from engaging in them, but likely want no part of it. Given a choice between beefing up security and killing BST, which do you think they will choose?

    Because @jmlanzaf is right about this looking like more than a coincidence. But CU hosts the forum as a convenience to us. If something has been compromised or exposed, it shouldn't be a big issue, because we aren't supposed to have PII here, and shouldn't be using the same passwords we use for our bank and brokerage accounts. In fact, ideally, we should probably all be anonymous to each other.

    But we let our guards down because we think this is a closed community, and a safe place, even though there is no such thing on the internet, so here we are. So now, what should CU do? Shut it all down, just take down the BST, tell us that we are all on our own here, and to figure it out, or spend all sorts of time and money to track this down and prevent it in the future in order to protect us from ourselves?
