How do you login to Hive App Sites?
Choose the primary method you use on the poll.
Post Update Upon Receiving Some Comments:
It was pointed out to me in comments on this post, that I overlooked PeakLock/PeakVault on the poll list, my bad, oversight, write it in below in the comments if you prefer it. Sorry about that, PeakLock guys. I am not able to edit the running poll to add it, but I also understand this keyset may only work on PeakD products? Please elaborate in comments to fill in missing information here or incorrect information about Peak key tools.
Also, I was shown an excellent option I am now investigating for integration called the Hive All In One Auth tool, which will solve the code problems shown below in this post, on my side, and still allow users to pick any kind of Hive auth tool for themselves that exists as far as the makers of HAIOA are aware of, and allow customization to add more yourself if they miss one or haven't added it themselves yet or whatever.
I know that in our eco-system, the developer skills of the app builders range from expert to people who never even did any HTML markup before building their things.
As a result, they often will use whatever key auth method they can figure out, or conversely go all the way and integrate ALL the login tools we have available.
This means that as users, we have to set up our Keychain extensions, our HiveSigner logins, Our HiveAuth mobile installs or Keychain Mobile installs, etc. In order to be able to login to all the things using whatever methods the app allows or accepts.
In general, making apps that use all the potential login methods that exist when you make your app is probably the right answer, simply because you don't want to lose users to not having the right key management tool installed or setup or signed up for or whatever.
But as an app developer, I will share this insight into our work. For every kind of key auth signin tool we support, we have to duplicate the login/logout/signup/register and events such as posting or voting or commenting to every single one of those.
This leads to time consuming code creation and testing, delaying new features to some degree. It also means there could be differences introduced into the code causing different results depending on the keychain you logged in with, and the ensuing version of the sites internal code that it runs as a result.
It means that you have to do an extraordinary amount of work to make methods in multiple versions, compared to an old school website "name and password" site-wide login that only required one method of checking user authenticity before sending that photo of your kid to his grandma on Facebook.
It's familiar and easy. We can't do that here, because we're dealing in money and privacy and all the blockchain/crypo things, so of course, we also have multiple vectors to managing your keys and identity info on the chain. As it SHOULD be...
But because of all that, right now to support everyone, for logins and chain based activities on our apps, we have to write code that does stuff like this:
if(keychain){
// do keychain things
} else if (HiveSigner) {
// do hivesigner things
} else if (HiveAuth) {
// do HiveAuth things
} else if (Enter your username/key local auth)(
// do even more things and ways,
// this can be risky for all,
//because now some app you may or may not be able to trust, has your keys
} else if (whatever_else_comes_next) {
// whoever makes the next key/wallet, like the guys working on MetaMask integration now
} else {
// this could literally extend forever as new key management things come to life
}
So I am curious, is there a clear leader in auth tools here, and is it even worth it to code and support for the others anymore? Would an app survive if it simplified itself to a single Authentication mechanism?
What do you think? Tell me in the comments, but vote for the one you prefer and would like to use everywhere if you could.
It's just a thought experiment. It's clear I will have to support them ALL in my App builds, though I will never support the direct entry of keys into app sites, as I personally do not want to be responsible for your private keys and don't want to be accountable for their management and handling in my software.
So whatcha thinkin', y'all? Let me know below!
Developer: Dead Follower Tools & When Lambo?
@SirCork
Founder & Developer: @HiveStreams
@PolleNation Hive Witness Partner
Co-Founder: @YouAreHOPE
Join the Hive Pollen Nation!
Join the PolleNation Discord
We appreciate your support! Vote @PolleNation as your witness.
Hey if you like this stuff, vote for our witness @pollenation ! That surely would help!
Personally, I only use HIVE KEYCHAIN, it's near perfect.
Personally me too, but we're just a couple of knuckleheads amidst a few thousand daily active users. :)
I didn't know keychain is so unpopular, they don't know what they're missing!
LOL, can't tell if sarcasm or...
Per the poll, its 10 votes KC, 1 sarcastic vote from por500bolos for enter your key (he makes jokes, in comments and so on, so I know that vote is him being silly) and no votes for any of the others.
So KC is clearly the one, as well it being the one everyone immediately demanded for hivestreams.live when I launched with only hivesigner because it was easy and KC was very hard for me to implement quickly.
I read this as if there are only a few thousand keychain users. Seems like there would me much more.
My dude, there are only a few thousand active Hive users. But don't think about that, it's depressing.
Yeah, that is depressing. I like my fantasy version of HIVE better: there are millions using it, serious competition to "X" formerly twitter. Elon is so jealous, he bought millions and millions of HIVE at twenty cents, now it's $300 and he's a mega-whale upvoting all the best legacy HIVE bloggers, and the the millions of new HIVE users are complaining about it. Did you hear you can buy Tesla's with HBD? Elon has declared HIVE the official currency of Mars.
I asked the creators of keychain why the code points to a Google Analytics tracking code and to this day they have not responded to me.
You can enable data usage analytics in keychain, I would venture a guess that this is why Google Analytics tracking code is there.
The multiple ways of signing in are a pain in the ass. I wish everyone would agree to just one - the original way :)
Honestly just one way would be way too centralized. But one way to use ALL the ways, thats a good goal and its been met, evidently or so I learned today in other comments here on this post, with the Hive All In One Auth tool. I am investigating it as we speak.
That's not centralization. It's more doors going to the same place and more chances of vulnerability. You also have risks due to trust as you don't know could potentially be a bad actor hoping you'll input keys.
All we can do is rely on the fully open source options so they can be 100% publically validated as non-invasive and non-data-retentive.
That's a whole lot of work for most people considering thousands are getting scammed by bad actors in the sector every day
Aioha is exactly what you're looking for. No need to go through the docs for 5 different providers to do the same thing, the library will handle it for you.
There is also a ready-made login UI if you're using React to quickly bootstrap your application.
Wow, that does seem at a glance, like exactly the solution to this problem. I will certainly investigate it further.
This is why I made the post, to learn things!
I do use react/react inertia, so that's good.
Thanks!
I'm sold out for it, I am going to use it but I am building with NPM and Vite, not PNPM and webpack.
Do you have a regular NPM flavor? Or instructions to build without npm and webpack?
Replace all
pnpmcommands withnpm. There are Vite/Rollup instructions in the docs.Fabulous. I had gone to github, etc, and perused the docs, but missed any npm / vite info, I will look there again and thank you very much for the answer AND the tool, it going to save developers so much time and I will be telling everyone I know in the dev community to consider using it!
HIVE KEYCHAINhiveverse as far as we are concerned. is the best #hive #wallet out here in the
People don't think the hiveverse bee like it does, but it doobee.
Yeah, for me the clear leader in auth tools here is "Fuck 'em all!"
Everyone should use solely their "Posting Key" only through Ol'Skool fashion methods from Beem, any old CLI tool for Hive or exclusively writing down their Posting Key manually from memory on the GUI of the website as we did it back in the days around 2016.
Don't forget it, only use your "Posting Key" for everything. Any other of your keys like Master, Active, Memo, etc. must be used exclusively from within your wallet and solely to make financial transactions. To post, vote, comment, reblog and interact within any platform, you only need to be logged in with your Posting Key, period.
Ok, tell me your private posting key from memory without using your notes. Be sure to type it clearly in the comment below!
JUST KIDDING! :)
I would, because I trust you. But now I'm really about to go to bed. ;p
It's so good to see you @sircork thinking outside the box again. I can not tell you how many times I have been a little phased by the numerous login methods when signing up to a new Hive dApp. I guess choice is nice but sometimes simplicity is nicer.
I think this is a really helpful conversation you have provoked here. Personally a one login method for everything would be easier. This is exactly why I use PeakLock, because once set up all you need is your pin number, which makes it much quicker to login. Can I ask by the way why you didn't include PeakLock?
However, with your poll, as Peak Lock wasn't there, my preferred method would be a single use authorisation mechanism, using name and password/key. I think there is a common sense argument here for that.
If I'm not mistaken, I believe PeakLock is just a thing working only for Peakd.
Yes, you may well be right there. I will tag @sircork to let him know.
I think it is currently true, but I'm in their discord and I am pretty sure in my travels, I have seen they are expanding that to be a full blown key thing for any hive site. Not speaking for them, just seems like I vaguely recall seeing it along the way somewhere.
I wonder if I can add Peak Lock, I learned in comments here, that there is a one-tool-to-rule-them-all I can put into my code to use ALL the keychains and they will maintain all those if/then clauses I illustrated FOR me AND the users. I will probably integrate it soon.
Let me check if I can add PeakLock, its just not one I hear very often and it slipped my mind when ripping out the post like I do, quickly and without a lot of planning :D
let me know if it works, feel free to tag me dude.
Join us here in the HiveStreams.Live discord to be one of the first to know!
oh thank you for the privilege, going on now!
It has been a long time coming, yet only recently has HIVE Keychain been installed in my Brave browser as an extension. Before that HiveSigner was my main login vehicle, yet it was suggested to me that it may not be as secure as HIVE Keychain. Can't verify that yet it was enough for me to install Keychain. My finding is that it makes login even more seamless once set up.
Both are 100% safe, if you'll take my word for it as a 3rd party who investigated them before using them with my own project's accountability and credibility and liability and well, all the various shitty ity's for using them at stake.
But I use Keychain on the daily myself, because its fastest for me to switch from SirCork to HiveStreams, to PolleNation and back again. HiveSigner does that too, but it's extra clicks. We like saving clicks! #SaveTheClicks!
But I was told about HAIOA today, Hive All In One Auth - that makes it so you can pick ANY of the available auth tools on hive, and it solves the code duplicity problem for me as an app builder by giving me one auth engine to talk to, and it does the rest with the rest of them for me.
As I keep saying everywhere, built in hive, with the hive tools available to us, and this fits that bill perfectly. When I can outsource to another hive dev project that solves a specialized problem like auth or tipping, I am not going to reinvent those wheels - for now anyway, unless my future interface and user simplicity demands and requests require it.
#MadeWithHive #MadeInHive
That's how this is gonna roll :)
Thanks for responding!
Seems a sound approach. Thanks for your review of HiveSigner. Thought there may have been a password of mine sitting on some centralized server somewhere.
Nah, it just users browser based javascript to push things around. I cannot say for 100% certain they don't nefariously save them, but they have years of credibility for not breeching trust on that front, so I really don't think they do, and there is no evidence in the console of the JS doing any kind of backend call to their side to stash anything it knows from your side.
Should be fine? No suing me if I am wrong some day!
No worries. 😎
Hey this prompted me to go re-think my answer.
Using HiveSigner to login is as safe as I said. But there's a but...
But if you choose to make a HiveSigner password and save your info with a hivesigner password and login name in front of it, then yes, they would need to save your keys. I have done so, and use it that way in my development testing and before I too, became a Hive Keychain browser extension user for its less clicks and more convenience to do the same thing.
In both cases, if you choose to make a login and retain your information at HiveSigner, you are trusting them with your keys, just like if you sign into Hive.Blog "manually" and directly with your Hive name and private key in their login form on-site.
In Keychain, this is the "the don't prompt me again" checkbox you can choose, but their code is ALL browser side, so they retain in your computer on your side, which can certainly be a risk on publicly accessible machines if the user is sloppy or not careful to logout of the site and keychain account they checked that box on that they are using but in general for personal use computers at home that aren't at risk of the next person after you using them, its no big deal for your own personal browser to cache things like this. It does it with your brick and mortar bank login, after all...
No hivesigner "save my stuff for later" login established, you will be asked every time you make a chain action happen.
No Keychain "Don't prompt me again on this site" checkbox? You'll be asked every time you make a chain action happen.
But both offer options, you can choose or not choose to trust, that do in fact open the keys up to some risks.
Actually, as I think about it and poke around the source code on github for their own site UI, which is published (a key trust indicator itself) they may save them in your browser too, and not in a database on their backend, and that means they would clear out if you clear your browser cache and you'd have to start all over at HiveSigner and set up your key in there again when you do that. Honestly, I am not clear here, but I still think its fine - in regard to HiveSigner, to use them all the same.
I needed to make sure I added this stuff. But I still think both are from solid people and teams, that have ZERO intention of doing anything malicious to their users. They have too much at stake themselves, invested in development time and personal reputations not to take this very seriously here.
Found it straight from the developer/creator's mouth:
Even if you "save" them, I was right in my musings, its all browser side, they know nothing on their side about your private keys ever.
The truth is I use keychain for everything, but I have serious concerns about other sites like hivesigner if one day they are abandoned and it is somehow possible to use those services to phishing other people's keys?
I have always had that doubt, that the service is deprecated and some script kid takes over the posting and active keys of users who still use those services, that can happen.
I don't live in fear of that risk myself, because that isn't how HiveSigner works.
All these tools basically pass your information through to the chain and leave it at that, and in the past I used to audit new keytools for Steem back in the day, but I sort of quit doing that because no significant new ones showed up for a long time, then when they did, they came from some of the most well-known, "esteemed" code creators in the ecosystem so there wasn't too much to worry about.
But I do have concerns when I am asked to enter my keys into an unknown entity and as we grow, there will surely be more unknown entities and nefarious actors in the mix.
It's right to be cautious, but it's also generally possible to know if you are giving your keys to someone who will retain them and know them or not, by investigating how their signing processes actually work.
Of course, that can take some technical know-how or trust in the keychain manufacturer so yeah, it's a tough situation, that's why I made the poll :)
Thanks for answering it!
Yes, the fear that they will somehow keep the keys always persists. I recently read that through the Google Chrome json there was a vulnerability (which has already been corrected of course), in which a backport was created that allowed you to read all the information of the extensions that you used in your browser. And as a result of that, I monitor all the activity on my PC with great paranoia. I have been a Linux user for years and I know things better than the average user.
TYou are absolutely right, fortunately you are one of the coders I know and you give me more confidence, I have been following what you do for a long time (out of curiosity, don't think that I am your stalker haha =D). I like you since I shared your opinion in relation to those +20,000 HBD that were given to a person who has a blog with 40 hp or something like that, that seems completely absurd to me.
Thanks :)
I am pretty sure, if I recall 6 or 7 years ago correctly, that this particular incident was about Ned giving his new girlfriend a huge setup on her brand new account, which was full of Instagram style selfies in wealthy people places, not actually effort-taken-content and it all just seemed so ridiculous back then.
That said, I honestly was more going after Ned at the time, than the hapless girlfriend of his. Mostly for other reasons than using his stake however he wanted to use it, which I am all for, for everyone here, in general. Freedom with your choices and money are the name of the game for sure!
But yeah, that case in particular was pretty absurd to do as the CEO at the time and the public face of the chain back then. But he was always absurd and pretty ridiculous in his immature choices. So it goes. :)
I am referring to Arlete Salas, who recently financed an impressive amount of hbd for an event...I have serious doubts about that.
Oh and to mention that I also like you because we have @por500bolos in common, my dear crazy old man whom I admire very much (he is one of the very rare unicorns that there are here in hive, it should be protected as cultural heritage of humanity and hive, I think we should dissect him when he ceases to exist and put his memory in an AI)
Hey! for you both pair of hippies!!
Ah @por500bolos - we don't need an AI of him, he is already unforgettable, mostly because he himself won't let anyone forget him! 😄
I appreciate the kind words!
Well, I always say that I'm going to dissect him when he's no longer with us, I'm looking for some way to preserve his brain 😄
I wrote this for @novacadian but I am reposting it under your thread too, so you don't miss my important afterthoughts and extended information here:
Hey this prompted me to go re-think my answer.
Using HiveSigner to login is as safe as I said. But there's a but...
But if you choose to make a HiveSigner password and save your info with a hivesigner password and login name in front of it, then yes, they would need to save your keys. I have done so, and use it that way in my development testing and before I too, became a Hive Keychain browser extension user for its less clicks and more convenience to do the same thing.
Actually, as I think about it and poke around the source code on github for their own site UI, which is published (a key trust indicator itself) they may save them in your browser too, and not in a database on their backend, and that means they would clear out if you clear your browser cache and you'd have to start all over at HiveSigner and set up your key in there again when you do that. Honestly, I am not clear here, but I still think its fine - in regard to HiveSigner, to use them all the same.
In both cases, if you choose to make a login and retain your information at HiveSigner, you are trusting them with your keys, just like if you sign into Hive.Blog "manually" and directly with your Hive name and private key in their login form on-site.
In Keychain, this is the "the don't prompt me again" checkbox you can choose, but their code is ALL browser side, so they retain in your computer on your side, which can certainly be a risk on publicly accessible machines if the user is sloppy or not careful to logout of the site and keychain account they checked that box on that they are using but in general for personal use computers at home that aren't at risk of the next person after you using them, its no big deal for your own personal browser to cache things like this. It does it with your brick and mortar bank login, after all...
No hivesigner "save my stuff for later" login established, you will be asked every time you make a chain action happen.
No Keychain "Don't prompt me again on this site" checkbox? You'll be asked every time you make a chain action happen.
But both offer options, you can choose or not choose to trust, that do in fact open the keys up to some risks.
I needed to make sure I added this stuff. But I still think both are from solid people and teams, that have ZERO intention of doing anything malicious to their users. They have too much at stake themselves, invested in development time and personal reputations not to take this very seriously here.
Found it straight from the developer/creator's mouth:
Even if you "save" them, I was right in my musings, its all browser side, they know nothing on their side about your private keys ever.
hey nice, this is really important info. But there is one detail left, if a blackhat (like me) takes control of your PC, they will have access to your browser, so you should always be aware of any abnormal behavior in the browser and PC in general.
I make this note as an "extra" security measure to everything already mentioned 😀
Sure, You aren't wrong, Mr Hat of the Dark Persuasion, but you would also have my brick and mortar bank, email, anything really, so that's not a "Hive problem" by itself. That's just normal "owning a computer that has been connected to the internet ever and wasn't airlocked from zero day anyway" stuff.
Congratulations @sircork!
You raised your level and are now a Minnow!
Check out our last posts:
Congrats!
When I took my sabbatical to be ill, and then move to a completely different country, I didn't know if I'd be back, but starting from zero in the wallet, and jumping right back in the saddle, this did not take long at all. Granted I had some leftover "reach" for my posts and I make things besides words, like the streaming site HiveStreams.Live and the user tools at HiveStreams.net as well, but I am also following a cold-opening, brand new user on his journey to watch his brand new hive life unfold, and it won't take even the newest, most unknown human here to make it to minnow quickly, if they apply themselves to their craft and investigate the dusty corners of this place.
Im summary, to your comment itself, THANK YOU! :)
Keychain is just so easy, you can pretty much do anything you need with it.
That it ia, but ita been tough to implement on the app code side. I have a tool that will make that easier now, I just have to learn how it works next, then you'll be able to use any auth you want once I do. It's the AIOHA tool mentioned in the post edits and other comments here. Coming soon, I'm already figuring out how to integrate it!
EVM chains work with many wallets without even explicitly stating that they support Brave Wallet etc. I think there needs to be some unified way to create something similar for HIVE. I have seen some conversations about this. Ultimately all signing methods are about signing a transaction onto the blockchain. Have a unified method or at least a very small number of methods will help developers in the long run IMHO.
If somebody adds Hive to their wallet tool, cool. It would be neat if I could open up metamask and send you an HBD xfer, sure!
But I don't think that means all the dapps built for hive or any other chain need to start using each others coins and tokens for everything, thats just chaos. For the recipients mostly.
I already spend a portion of each day, going to dustseller or hive engine and turning layer two tokens back into Hive, I don't really play games or whatever, where some of those tokens have utility, and for the tip bot ones, I get a lot of those, I just kind of go... "why tho, hive worked fine already?" and turn them back into hive and from there HP or HBD or whatever I need or want to do that day.
So sure, build in cool key management tools for all the chains into a swiss army knife, I have KeyChain and MetaMask right next to each other right now in this browser. Be cool if I only needed one for all! Sure! In fact on my auth method preference poll post, I learned about a swiss army knife extension that will do ALL the hive login tools in one interface for users, and they can use whatever, while my site just uses that one thing. WIN, I'll probably use it once I fully ensure it's safe, reliable, will work in my code stack, and won't disappear in six months when they get bored or run out of money or whatever...
But that doesn't have anything at all to do with how my apps works inside itself per se, in terms of being Hive-centric, it just makes it easier for Hive Account holders to use it, Which is the goal.
So I think your point about auth tools is sort of adjacent but not central to this question of should HiveStreams.Live integrate its actual functionalities of streaming and watching, with other chains content distribution or user authentication methods. In fact that dilution is basically counter to the whole fundamental premise of the thing.
I was mainly thinking of a single method of signing HIVE transactions regardless of the login method. Sorry for the confusion. Let me reiterate.
I can go to PancakeSwap and use MetaMask, Brave Wallet, Trust Wallet, Block Wallet or any other EVM wallet regardless of it being listed as a login method on PancakeSwap. I don't know how this happen on the backend. What I know is that this is not the case on HIVE. I'm wondering if HIVE could be made more or less wallet agnostic.
All those EVM wallets are working with Eth tokens. All the things you listed are just the ETH version of the same problem - keychain/hivesigner/peaklock/hiveauth equivilants.
So I hear ya, but hive is "wallet agnostic" already in that way. As long as its a hive enabled wallet. Just like those others are if they are an Eth enabled wallet.
Thank you for clarification.
Ey Mr. Coder, here we go! 😀
https://wleo.io/
has been around for quite some time 😃
right, so those aren't actually giving people Hive accounts though.
Those are liquidity pools. Exchange tool.
The "b" in the name is similar to "swap.Hive" on the Hive-Engine. Basically, they have a big pile of Hive and HBD in an account, you deal with them, they send to your recipient, and broker the transaction between the sides.
So its a way to exchange and move the currencies around, or send a payment to someone with a hive account without making one, but it wont let you do any "hive things" by logging into a dapp or anything like that by itself. Unless you are using that exchange with a hive wallet to begin with just like hive-engine's tokens and swap.hive/swap.hbd all work.
Certainly, but at least the option exists. It would be very difficult for metamask or any other wallet to integrate hive/hbd due to the issue of commissions (each developer would include a commission, and since there is no internal commission for transfers, it could hardly be achieved, I see it this way from my point of view ).
Now it's difficult to integrate everything into 1 app, but whoever manages it (I'm betting on you) will surely win a few prizes.
I heard that someone is working on integrating hive keychain into metamask, but I don't know how true that is or how far along that is. I'm curious about this, especially because of the issue of commissions in metamask and how they will be handled in hive
When you say "commissions" do you mean Eth Gas? Which has broadly become a term for any networks transaction fees, paid to block miner/makers and which WE don't have on our feeless, free transaction network (RC excepted, but thats not really any kind of "money", and even minnows can make it with the base allotment of RC, though most get easy RC delegations from whoever told them to come here anyway so its kind of moot)
Anyhoo, yeah, the problems enter in when you have fees to use a chains tokenizer second layer to do this sort of thing. They gotta pay the gas. Which is why these sorts of Pools help, they keep the whole thing second layer and provide giant piles of middleman money to pass around when they get some from you and send it to the other person.
A do it all app, would have to talk to every chain, figure out the disparities in transaction costs, make that work somehow, even for chains that are normally free vs those that are very expensive like core Eth or even some BTC transactions and the problems in doing all this run deep, possibly insurmountable without these middle brokers facilitating things in the ways they do.
It's all very complicated and thats why crypto ain't "facebook easy" enough yet.
Thanks for betting on me, but beyond hive, I doubt I'll be of much use. I do have a line on the tool to make all our Hive auth tools work for my site at once without much effort and allow users to come in from any of them, or even add their own custom login validators to it, but beyond that, I dunno man, I just dunno how someone will connect all the chains money and make it make sense and still be easy enough to use that you don't need a technical engineering degree with a masters in finance to use it.
yes, the fucking and evil fees.
I think this sums up the whole problem, what if a universal blockchain were invented, where all the coins could survive, something like what they do in publish0x where they give you tips with different tokens? Of course, the technical aspect that you mention is a difficulty, but I think we are not far from reaching a metaverse where you can access and easily pay with any crypto you have. It would be something like having a bridge that would be in charge of creating anonymous, single-use wallets that were intended only to carry out that operation. Of course this would require a lot of code, but a proposal for a universal blockchain that would cover all the others (hive, btc, eth, solana, bch, matic, etc.) would be interesting.