You are viewing a single comment's thread from:

RE: SteemConnect V3 Beginner's Guide

in SteemHelp5 years ago

The private keys are encrypted on your own device. Someone needs access to your device, and nobody is crazy enough to even bother trying to break the encryption.

He doesn’t need to bother with encryption if he gets the SteemConnect password. Are we talking about the same things?

Sort:  

Yes we are talking about the same things.

The SteemConnect password is a way to unlock access to verify the private key that is stored. But the private key is stored encrypted.

OK, just one more step: When someone gets your SteemConnect password, he has a full access to your account, right?

Nope.

Without the private keys, the password is useless. That doesn't mean one should broadcast it in the open. It's an additional security step.

The same password unlocking protection is used by Steem Keychain, and by some of the most powerful password management tools existent online.

Maybe you mistaken the SteemConnect password with your account's master password.

That indeed is a very sensitive password and in my opinion never to be used, because, if leaked, it allows everything on your account, including changing the owner of the account.

Maybe you mistaken the SteemConnect password with your account's master password.

No, my dear @gadrian, i didn’t mistaken. When you login through SteemConnect, you have to enter SteemConnect password. If someone steals that password, he can do what he wants with your account, right? That is, until you change all passwords with a master password. How is that more secure than using posting password, which is intended (as the name says) only for posting and voting? Do you understand what I’m talking about?

See the other reply.

Thank you for your help, you have just answered to my question.