Man has two guesses to unlock bitcoin worth $240m

I forgot my bitcoin password just last week. All I had to do was click on the "forgot password" link, answer the security questions, and set a new password. Like any other online account.

So I guess I don't understand what all the fuss is about. Did he forget the answers to the security questions, too? He should be able to call customer service. They'll have him scan and e-mail a copy of his driver's license or something.

There's always a way to recover your password.
 
wilburbear said:
So I guess I don't understand what all the fuss is about. Did he forget the answers to the security questions, too? He should be able to call customer service. They'll have him scan and e-mail a copy of his driver's license or something.

There's always a way to recover your password.
More...

The password might not be recoverable.
https://www.bbc.com/news/technology-55645408
He stored them in an IronKey digital wallet on a hard drive.

And he wrote the password on a piece of paper he has lost

After 10 failed attempts, the password will encrypt itself, making the wallet impossible to access.
More...

giphy.gif
 
wilburbear said:
I forgot my bitcoin password just last week. All I had to do was click on the "forgot password" link, answer the security questions, and set a new password. Like any other online account.

So I guess I don't understand what all the fuss is about. Did he forget the answers to the security questions, too? He should be able to call customer service. They'll have him scan and e-mail a copy of his driver's license or something.

There's always a way to recover your password.
More...

On a website that has been coded for this function, yes. For a USB drive, I'm not so sure. Maybe that is a selling point for IronKey. Very difficult to recover a password.
 
wilburbear said:
I forgot my bitcoin password just last week. All I had to do was click on the "forgot password" link, answer the security questions, and set a new password. Like any other online account.

So I guess I don't understand what all the fuss is about. Did he forget the answers to the security questions, too? He should be able to call customer service. They'll have him scan and e-mail a copy of his driver's license or something.

There's always a way to recover your password.
More...



obviously, he didn't know the answer to the security questions.
 
Personally, I have

more than 50 IDs,
more than 50 passwords.

And the passwords come in various forms sizes, patterns
some 6 characters
some only numbers
some must have numbers & letters
some must have min 1 upper case and 1 non number/letter

WORST, passwords have to be changed and changed every few months
and cannot be recycled



I don't know how many security questions I had set.
I don't know what security questions I had set.
I don't think I know the answer to the security questions as the questions were mostly
not set by me.

damn scary. I'd better clean up my mess.

Also, I'd better don't open a digital bank account.
 
maxinger said:
Personally, I have

more than 50 IDs,
more than 50 passwords.

And the passwords come in various forms sizes, patterns
some 6 characters
some only numbers
some must have numbers & letters
some must have min 1 upper case and 1 non number/letter

WORST, passwords have to be changed and changed every few months
and cannot be recycled



I don't know how many security questions I had set.
I don't know what security questions I had set.
I don't think I know the answer to the security questions as the questions were mostly
not set by me.

damn scary. I'd better clean up my mess.

Also, I'd better don't open a digital bank account.
More...

Yes, maybe. I guess it depends on how valuable access to the sites is.
 
JSOP said:
is still too steep. He should do it for free or charge the standard rate, what is it? $25 per hour? Should the value of what he will be retrieving for his "client" matter? If so, then he should do it for free for somebody who just needs to extract passwords to an ordinary Word document from his hard drive because 10% of 0 is $0. What if he didn't know what he will be retrieving from the guy's hard drive? It could be passwords to anything. Just because now he knows how much what he will be retrieving is worth he is entitled to charge an astronomical fee?
More...
Nonsense.
 
maxinger said:
I don't know how many security questions I had set.
I don't know what security questions I had set.
I don't think I know the answer to the security questions as the questions were mostly
not set by me.

damn scary. I'd better clean up my mess.

Also, I'd better don't open a digital bank account.
More...

I have several hundred accounts in various places, and what I do to manage them is
  • In a strongly-encrypted file, backed up in multiple places, I store individual web sites and their security questions with strings of random characters to represent the user ids (or the actual user ids when appropriate), passwords and answers to security questions.
  • For the actual user ids, passwords, and security question answers, I use a unique hash function roughly similar to the one in https://www.elitetrader.com/et/threads/malware-warning.349544/page-5#post-5193269 on the corresponding representations. Since the hash function has a unique, secret key, it also needs to be backed up to multiple places as a strongly-encrypted file.
  • When the hashed data isn't quite good enough for the account (e.g., website requires a special character my hash function doesn't output), the strongly-encrypted file also stores the extra characters needed.
  • When the hashed data is too complex for the website (e.g., required to be all numbers), the strongly-encrpyted file has small scripts to simplify the data (e.g., tr '[A-Za-z]' '[0-90-90-90-90-90-9]').

This reduces the number of passwords I have to actually remember to a small number and lets me have unique, strong passwords for every website I have an account with.

To solve the issue of passwords required by my employer to be changed every 90 days or so, I retired.:)

Before doing all this, my password management was more like:
200.gif
 
Last edited:
You must log in or register to reply here.
Back
Top