Hi,
Recently, we've been starting to receive a lot more password reset requests than we used to - they now comprise almost 70% of all tickets. As a result, we temporarily plan to lower the priority of responding to password reset E-Mails until we can get a better handle on how and if we can resolve this problem permanently.
One of the obvious ways to deal with the issue of password resets is to require E-Mail addresses, but that introduces a vulnerability into the system of hackers being able to hack someone else's mailserver and send a reset request. Another issue is that collecting E-Mail addresses subjects us to the Child Online Privacy and Protection Act, with its expensive requirements of making sure that we ban users under 13 because we cannot legally collect their personally identifiable information.
Chris does plan to get to the password reset requests eventually, but we will be prioritizing older issues in the support ticket system first. I apologize to customers who will be negatively affected by this prioritiziation, but it's important that we resolve issues that we caused first, like balance investigations. We do want to respond to all tickets, but until we can get additional help, this type of ticket is of the lowest priority.
As with two-factor authentication, in the high-security cryptocurrency environment, customers are ultimately responsible for their own security, which means using unique passwords on every site, making sure they are not lost, enabling two-factor authentication, and making sure your authentication device is backed up. Additionally, we recommend blocking Tor access to your account for added security.
Thanks for your understanding,
-Steve
Note about password recovery services
Forum rules
Welcome to the System Support forum! Encounter a problem related to the pool? Post your issue here and we will help you out.
Keep in mind that the forums are monitored by PROHASHING less closely than the official support channels, so if you have a pressing issue, please submit an official support ticket so that our Support Analyst can look into your issue in a timely manner.
We cannot answer financial questions related to your account on a public forum, so those questions should always be submitted through the orange Support button on prohashing.com/about.
For the full list of PROHASHING forums rules, please visit https://prohashing.com/help/prohashing- ... rms-forums.
Welcome to the System Support forum! Encounter a problem related to the pool? Post your issue here and we will help you out.
Keep in mind that the forums are monitored by PROHASHING less closely than the official support channels, so if you have a pressing issue, please submit an official support ticket so that our Support Analyst can look into your issue in a timely manner.
We cannot answer financial questions related to your account on a public forum, so those questions should always be submitted through the orange Support button on prohashing.com/about.
For the full list of PROHASHING forums rules, please visit https://prohashing.com/help/prohashing- ... rms-forums.
-
Steve Sokolowski
- Posts: 4585
- Joined: Wed Aug 27, 2014 3:27 pm
- Location: State College, PA
Re: Note about password recovery services
Would it be possible to have a password reset feature built into the two-factor authentication service? As in, if requesting a password reset, it would send a text to the phone number associated with your account asking if you indeed requested a reset, you reply with yes, and then it'd send you a new, random password? Would that be possible?
-
AppleMiner
- Posts: 736
- Joined: Sat Sep 30, 2017 1:44 pm
Re: Note about password recovery services
I think the google authenticator 2FA, is just an electronic key fab used to sync an account with a changing number used for access.
You can add and subtract accounts from it, but I do not think there is interaction with the authenticator to the level you describe.
In fact once you have a codekey scanned in and paired and have authenticated it on the website and its been enabled, I do not think that device even needs to have outside access(wifi,internet,other) to be able to continue to generate the numbers usable on the systems they have already added and paired.
You can add and subtract accounts from it, but I do not think there is interaction with the authenticator to the level you describe.
In fact once you have a codekey scanned in and paired and have authenticated it on the website and its been enabled, I do not think that device even needs to have outside access(wifi,internet,other) to be able to continue to generate the numbers usable on the systems they have already added and paired.
-
GregoryGHarding
- Posts: 646
- Joined: Sun Apr 16, 2017 3:01 pm
Re: Note about password recovery services
there is no way to restore an account with 2FA. if you lose the keygen you lose access to the account, breaking 2fa for reset undermines account security.