this post was submitted on 27 Aug 2023
290 points (92.9% liked)

Privacy

31872 readers
429 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hello nice people,

I've been using NiceHash app for some time 5-6 years ago. (It was a simple app for mining cryptocurrency and you get paid in bitcoin on their wallet, then you could transfer bitcoin to another wallet.) It was working fine until they got hacked (or fooled us) and lost all crypto. Luckily I didn't loose much like some guys did. I decided not to use the service anymore and I'm still receiving stupid e-mail newsletters. I tried to unsubscribe and It asks me for login, I know password, but don't have 2fa anymore. Also I don't have backup 16 words.

Now support told me that this is the only way and I feel ridiculous about taking selfie just to unsubscribe. Am I protected against this somehow? I live in Europe and I think Nicehash is located in neighbourhood.

And of course I never wanted to subscribe...and I don't think I ever verified account with a document.

What are my options other than just filtering that shitty domain as spam?

edit: typo

you are viewing a single comment's thread
view the rest of the comments
[–] vox@sopuli.xyz 4 points 1 year ago* (last edited 1 year ago) (1 children)

well at least they provide this as an option. usually if you lose your 2fa, hardware keys (such as android phones) AND recovery codes, your account is gone. period.
there's literally no other way to confirm your identity without something like id or a credit card if your credentials are gone.

[–] ReversalHatchery@beehaw.org -2 points 1 year ago (1 children)

Email is a perfectly fine second factor for recovery, at least when it was unchanged for so many years

[–] kevincox@lemmy.ml 6 points 1 year ago

That is your opinion. Personally if I have a password + 2FA configured for an account I don't want anyone without access to those two things getting in. Ideally this would be configurable per-account, this way people who are fine trusting their email can do that and those who aren't can not allow that.

But it is a question of security versus access. Some people would rather lose access to an account than give someone else access.