I finally enabled two-factor authentication on my Cryptsy account this morning. So anyone looking to steal all my Devcoins will first have to get a hold of my tablet PC. Usually when I enable two-factor authentication I also change the password as a way to start fresh with the added security measures.
Today was also my day to trade some Devcoins for Bitcoin and then sell them for fiat. In the process of gathering my crypto funds from their various services I decided to spend a bunch of my investment Devcoins, so I requested two withdrawals–one for the Bitcoin I was going to cash out, and the other for the Devcoins I was going to spend.
It was in the middle of doing the above that I changed the password and enabled two factor authentication.
And my withdrawals remained pending for hours and hours. Normally I’m used to Cryptsy processing them within minutes, so I sent them a support ticket inquiring about the reason for the hold up.
It turns out that Cryptsy puts an automatic twenty-four hour lock on an account whenever the password is changed. The user can still trade, but withdrawals do not process until the lock is lifted. If I had realized that, I would have waited until after my withdrawals processed before changing the password.
I asked Cryptsy if they could manually override the lock on my account, but there is no way. I just have to wait it out.
In light of recent breaches of security in prominent websites, I really can’t complain about Cryptsy putting a lock on my account. I am sure that if someone did manage to brute force their way into my account (before I had enabled two factor authentication), then changed the password as a way to lock me out, I’d be very appreciative of having twenty-four hours in which to respond before the hacker could empty out my balances. I hope Cryptsy takes its own central security equally seriously.
Fortunately, other than having to wait to do something I was hoping to be done with by now, it’s not a major problem having to wait on my withdrawals. I can just as easily accomplish tomorrow what I was going to accomplish today. I am taking note for the future, though. Change the password only after I’m done for the day.
It has been observed that more often than not, whether it’s a home or car alarm system, two factor authentication, or US Know Your Customer rules, security measures inconvenience the customers. For every thief that is deterred, there are probably hundreds or thousands of customers who get inconvenienced. Just having to use valuable storage space and memory on my tablet to have the two factor authentication app is a case in point. Because hackers have in the past succeeded in forcing their way into someone’s account, I now sacrifice valuable resources in order to protect my accounts against such attacks. Or I do the wise thing and change my account password and then have to wait twenty-four hours for my withdrawals to process. Darned hackers!
Next week I will hardly remember this minor bump in the road, other than to make sure I don’t change my password at the wrong time again. I bet a lot of Mt. Gox and other hacked sites’ customers only wish a twenty-four hour lock was the worst of their problems.