Silk Road forums
Discussion => Silk Road discussion => Topic started by: fingertothefbi on February 01, 2013, 06:45 am
-
There's now a forgot password option, you click it it asks for your pin and username.
Any opinions about this? I have mixed feelings
-
also seems sketchy to me, you never give out your pin
-
This is new to the page from HRS ago...I just checked and its gotta be a PHISHing cause its asking for pin
-
NEVER EVER GIVE UP YOUR PIN...
p,s my pin is 4214
JK!
-
It's not phishing -- astor tried it with a throwaway account and said it worked fine.
-
Scout
did he have 100's of bucks to be stolen also?
-
Not sure about that. I do wish we'd get an announcement for changes like this. Sent DPR a message to double-check -- I'll let you guys know if/when I hear back.
-
Yeah, I think we should definitely get announcements for any SR change directly from DPR. Thank you Scout! [clicks "notify"]
**--> OH! Also, a little suspicious to me that that new thread about that Sheep Marketplace website opened up about an hour and a half before the new Forgot password function was made available...don't you think? idk. guess we gotta wait for that message from DPR.
-
Not sure about that. I do wish we'd get an announcement for changes like this. Sent DPR a message to double-check -- I'll let you guys know if/when I hear back.
if this is legit, there needs to be a second pin specifically for password recovery. You should have a seperate pin for purchases, and one for recovery. That would be a really easy solution, and the recovery pin should only be displayed upon registration(or whatever condition you guys want to make it unretrievable and displayed once, so you have to write it down).
-
For me it makes it too easy to hack an account, if you have someones user name you can try different pins till it works you could do this over a period of a few months so that it doesn't raise suspicion.
Or maybe I'm just paranoid.........
-
This seems like a step down as it is lowering the requirement for account access from password to pin. Unless you have a very long pin number. I assume you only get one chance to attempt the PIN? I dunno. It just seems like previously to use someone's account you'd need both password and PIN. Now you just need PIN?
I'd also be interested to know how many people use a 4 digit PIN just because of the association with ATM PINs.
If you have been careless enough to allow an adversary to sniff out your real life identity they now have two chances to access your account: guess your password and guess your PIN.
(if I have understood the system correctly?)
To be honest you shouldn't be forgetting your SR password really should you?
-
This is legit -- confirmed with DPR today that he added this feature.
-
This is legit -- confirmed with DPR today that he added this feature.
can you please mention my secondary recovery pin idea to him?
-
This is legit -- confirmed with DPR today that he added this feature.
can you please mention my secondary recovery pin idea to him?
You can message him! Let him know your concerns.