Status as of Sunday, October 29, 2017

Post by Steve Sokolowski » Sun Oct 29, 2017 11:31 am

Good morning!
  • Today will see the release of a new "password reset" feature, which we hope will significantly reduce the number of support tickets. There is a new "password reset E-Mail address" in the "Security" section of the "Settings" page. By default, it is null, which means that password resets are disabled. If you want to allow yourself to reset your password in case you forget it, enter your E-Mail address in the field. Users who forget their password can click the "Forgot" button in the "Log in" dialog and enter their usernames and E-Mail addresses to receive a recovery message. The user then clicks on the link and enters the "recovery code" that was displayed on the reset dialog along with the two-factor authentication code. The recovery code prevents someone who is reading a stolen E-Mail account but who doesn't know that the E-Mail user has a Prohashing account or the Prohashing account's username from being able to steal money.
  • Once the new password reset process is released, the old process will be eliminated. Users who requested resets using the old process before the release date will still have the resets honored, although they will be low-priority tickets. After the release, users who choose not to enter an E-Mail address, or who enter an invalid address, may not reset their passwords under any circumstances.
  • The security enhancements have allowed us to reduce the number of invalid password attempts from 262,000 on October 20 to 2100 yesterday, a 100x decrease. At this point, we feel confident enough in security to be finished with that set of features and able to move on to the next set of tasks. That next set of tasks is to improve the money handling code to better account for error conditions that cause losses of profit or which result in support tickets.
  • As a hard reminder to never reuse passwords on multiple sites, a database of usernames and passwords from Bitmain arrived on the Internet, and there was a large number of invalid password attempts within about 12 hours after hackers bought it.
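
The reset flow described in the post above, sketched as an added example; it is not part of the original post and is not Prohashing's code. The names `USERS`, `PENDING`, `request_reset` and `complete_reset`, the 15-minute expiry and the three-attempt limit are assumptions made for illustration.

```python
import hashlib, hmac, secrets, struct

# Constructed sample account; reset_email=None means resets are disabled (the default).
USERS = {"alice": {"reset_email": "alice@example.com", "totp_secret": b"constructed-secret"}}
PENDING = {}  # sha256(link token) -> pending reset record (hypothetical store)

def _h(value):
    return hashlib.sha256(value.encode()).hexdigest()

def totp(secret, now, step=30):
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits) for the two-factor check."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    return f"{(int.from_bytes(mac[off:off + 4], 'big') & 0x7FFFFFFF) % 10**6:06d}"

def request_reset(username, email, now):
    """Return (recovery_code for the dialog, link_token for the e-mail), or None."""
    user = USERS.get(username)
    # Simplified: a production dialog should not reveal which check failed.
    if user is None or user["reset_email"] is None:
        return None
    if not hmac.compare_digest(user["reset_email"].encode(), email.encode()):
        return None
    recovery_code = secrets.token_hex(4)    # shown on screen, never e-mailed
    link_token = secrets.token_urlsafe(32)  # e-mailed, never shown on screen
    PENDING[_h(link_token)] = {"user": username, "code": _h(recovery_code),
                               "expires": now + 900, "tries": 3}
    return recovery_code, link_token

def complete_reset(link_token, recovery_code, totp_code, now):
    """Succeed only with the e-mailed link, the on-screen code and a valid 2FA code."""
    key = _h(link_token)
    rec = PENDING.get(key)
    if rec is None or now > rec["expires"]:
        PENDING.pop(key, None)
        return False
    secret = USERS[rec["user"]]["totp_secret"]
    code_ok = hmac.compare_digest(rec["code"], _h(recovery_code))
    totp_ok = hmac.compare_digest(totp(secret, now).encode(), totp_code.encode())
    rec["tries"] -= 1
    if (code_ok and totp_ok) or rec["tries"] == 0:
        del PENDING[key]  # single use; also burned after too many bad guesses
    return code_ok and totp_ok
```

Someone who only reads the mailbox holds `link_token` but not `recovery_code`, which exists only in the browser session that supplied the username, so the link alone cannot finish the reset.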