Stolen Coins

[WickedGarden]

I learn the hard way yo have 260 coins moved out of my account by an unknown user: 6428805649511785699

Not impressed, I gather my pass phrase was not complicated enough? Disappointed, would nice to have some method of flagging the criminal and obtaining them back. I think not? If anything we can flag 6428805649511785699 user as a coward and a criminal.

Watch out nexters? It may take me some convincing to come back to this altcoin?

[achim]

How long was your password, and was it random letters or a plain word? Could you tell us the phrase? It is of no use anymore if your NXT are already gone (unless you use it for other services, the you should immediatly change it everywhere you used it before!)

Please take a look at this:

http://wiki.nxtcrypto.org/wiki/How-To:GenerateStrongPassword

[^[GS]^]

I'm afraid there is no way to recover the theft.
There must be some way to prevent recurrence of such situations. :S

Perhaps two passwords. master password and then a shorter password that is not sent to any server, but it is operated as a private key for encryption of the first.

[WickedGarden]

I agree that there should be an improvement over the passphrase system. My passphrase was complicated enough but who knows it could of been stolen from somewhere else. I have changed anything that resembled it.

I may try next again once I regain some confidence.

Thanks for the replies. 

[stoneantelope]

I agree that there should be an improvement over the passphrase system. My passphrase was complicated enough but who knows it could of been stolen from somewhere else. I have changed anything that resembled it.

I may try next again once I regain some confidence.

Thanks for the replies. 

What was your passphrase?

[Shin]

Never give away your passphrase. Ever. Wether it has been compromised or not.

Instead give a characteristic, if you must. Something along the line of, it is 32 chars long, consists of 6 capitals, 5 numbers, 7 special characters, and 4 whitespaces. This gives a good indication of how strong your password is.

[achim]

A dev is already building a NXT client with wallet.dat approach (forgot which one). You generate a password, and the client stores a long and secure private key locally, encrypted using your password.

If a hacker wants your account, he would have to break into your system and steal your wallet.dat plus your password. Similar to bitcoin.
In NXT, both methods are possible: Only brainwallet, or brainwallet plus local wallet.dat

Please everyone note the following: This will be a tradeoff. If your Notebook explodes and you didn't backup wallet.dat, all your NXT will be gone. The brainwallet approach NXT uses gives you the possibility to be independent from a wallet.dat. If your house burns down, you can still acces your NXT, if you can remember a long password

[achim]

And the most important!!:

BCNext protects us against the key disclosure law with brainwallet approach:

http://en.wikipedia.org/wiki/Key_disclosure_law

[achim]

The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests.

They can confiscate a wallet.dat, but they can't confiscate your brain

[Aditer]

I'm using KeePass. I could save all my Nxt passwords (unique, long and safe) in one place, backup this file, etc.

[WhiteCracker]

Hello,

I have your coins. Your pass was very easy one. If I am able to find your password even with my very limited skills, it will be only a matter of time until somebody not so "kind" will take your coins.
Please post your new account number based on really strong password and I will send your coins back (-2 Nxt for transactions).

Sorry for the inconvenience, it was just for your good :-P

[WickedGarden]

I appreciate them being returned:

16034760944529799990

Lesson learned!

[WhiteCracker]

Returned...

Transaction id: 362532989247543597

Have a nice day!

[stoneantelope]

Returned...

Transaction id: 362532989247543597

Have a nice day!

wow, very impressive sir