Author Topic: If account names are not transferable, what happens when wallet is compromised?  (Read 5000 times)

0 Members and 1 Guest are viewing this topic.

Offline fussyhands

  • Full Member
  • ***
  • Posts: 109
    • View Profile
Compromised accounts should be revoked, once we build that feature

Sent from my SCH-I535 using Tapatalk

How would that work?  Would the revoked account name be lost forever?

Offline fussyhands

  • Full Member
  • ***
  • Posts: 109
    • View Profile
you can move the wallet backup JSON file and import it there ... a keylogger alone does not compromise your funds. .

an attacker needs the passphrase AND the wallet .. .. in that case you can only safe your funds .. not the names ..

A keylogger implies access to your computer which means access to the wallet and the wallet should be assumed to be compromised.

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 749
    • View Profile
If BM and the dev team really don't want account transferring, perhaps they could implement an 'account burn' feature, which allows you to permanently disable an account from sending/receiving/transacting. Any person attempting to send this account funds would get their funds sent back, with the memo that the account burner used in their burn transaction.

On second thought, maybe the memo feature would be too useful to an account hacker, eg "btercom has a new address, please send funds to xxblademasterxx for all future deposits instead."

Offline toast

  • Hero Member
  • *****
  • Posts: 4001
    • View Profile
  • BitShares: nikolai
Compromised accounts should be revoked, once we build that feature

Sent from my SCH-I535 using Tapatalk

Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
So that means any compromise, or suspected compromise of my wallet results in loss of my account names forever?

Isn't that a problem, if people out in the world still have my account name and are sending money to it?

Should I only use account names on cold storage?
you should:

have one major account name ie "foobar" (in coldstorage !!! )

you only work with subaccounts .. ie. main.foobar .. home.foobar .. wife.foobar ..
lost keys there can be "updated" (in some sense)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
you can move the wallet backup JSON file and import it there ... a keylogger alone does not compromise your funds. .

an attacker needs the passphrase AND the wallet .. .. in that case you can only safe your funds .. not the names ..

Offline fussyhands

  • Full Member
  • ***
  • Posts: 109
    • View Profile
So that means any compromise, or suspected compromise of my wallet results in loss of my account names forever?

Isn't that a problem, if people out in the world still have my account name and are sending money to it?

Should I only use account names on cold storage?

Offline emski

  • Hero Member
  • *****
  • Posts: 1282
    • View Profile
    • http://lnkd.in/nPbhxG
I don't see what you can do for the username unless functionality to create new owner keys is created.
Which will essentially enable account trading.

Offline fussyhands

  • Full Member
  • ***
  • Posts: 109
    • View Profile
What if I discover that I had a key logger on my hot wallet machine.  My wallet can no longer be trusted so I create a new one.  Is there a way to move the account names to my new wallet, or are they lost to humanity forever?