Note about password recovery services
Posted: Mon Oct 23, 2017 8:08 pm
Hi,
Recently, we've been starting to receive a lot more password reset requests than we used to - they now comprise almost 70% of all tickets. As a result, we temporarily plan to lower the priority of responding to password reset E-Mails until we can get a better handle on how and if we can resolve this problem permanently.
One of the obvious ways to deal with the issue of password resets is to require E-Mail addresses, but that introduces a vulnerability into the system of hackers being able to hack someone else's mailserver and send a reset request. Another issue is that collecting E-Mail addresses subjects us to the Child Online Privacy and Protection Act, with its expensive requirements of making sure that we ban users under 13 because we cannot legally collect their personally identifiable information.
Chris does plan to get to the password reset requests eventually, but we will be prioritizing older issues in the support ticket system first. I apologize to customers who will be negatively affected by this prioritization, but it's important that we resolve issues that we caused first, like balance investigations. We do want to respond to all tickets, but until we can get additional help, this type of ticket is of the lowest priority.
As with two-factor authentication, in the high-security cryptocurrency environment, customers are ultimately responsible for their own security, which means using unique passwords on every site, making sure they are not lost, enabling two-factor authentication, and making sure your authentication device is backed up. Additionally, we recommend blocking Tor access to your account for added security.
Thanks for your understanding,
-Steve