How difficult would it be to spoof steemconnect? I see a pop-up that looks like steemconnect and I insert my key. Next thing I know, it does nothing and it's too late to revoke it. I HATE using my actual steem keys all the time.
You are viewing a single comment's thread from:
Yeah, I understand the point. But actually even this is fairly difficult because the popup will show the URL with the cert, and you can be sure that if you trust steemconnect, it is fine.
But anyway, we are discussing it.
IF everyone is careful and not in a rush.
It is too easy to get careless and lose everything. I prefer to be paranoid about such things.
If you have steem keychain or any other way of assigning posting auth temporarily, I have something for you if you haven't voted already. See here
Looks interesting, but what do we do with it? Not all of us are coders.
Do you use steem keychain? The first step has a link where you can add the posting authority as in the screenshot. Otherwise, I would need to dig into alternatives for doing it (if you already trust steemconnect you can just use steemconnect though)
There's no code involved, just button presses. Any particular step that is not clear? I can fill in more details. Or would be good to see a video of someone doing it... Hmm.
Posted using Partiko Android
Does EVERY field need to be filled in or just some fileds on that sheet with all the code? I do use keychain, but wouldn't it be simpler to modify the Dpoll itself so that IT uses keychain?
No, just need to fill out the part I screenshotted and hit the button. That site is just a helper to trigger the keychain functionality.
About modifying dpoll, I took a brief look but it's fairly difficult as @emrebeyler can also tell you. The tricky part is synchronizing the blockchain comment action and the internal database that is the current source of truth for the tallies. It's on the issue tracker but needs some thought on how to do it properly.
Posted using Partiko Android
Update here... @emrebeyler implemented it on keychain fairly quickly :)
Once your keys are entered to Steem Connect, you do not need to re-enter them.
Connecting somewhere else, the site should be verified by Steem Connect.
Any site asking for your keys to be re-entered should never need your aster Key. The majority should not need your active key.