Peaks does not require you to give them your key. It is only stored in local storage and transactions are signed locally.
This is true with peaklock (which I only use for mobile) and keychain which is the most popular Hive solution for authentication. Your key is never sent over the wire in either scenario.
Hive also has multiple keys that compartmentalizes authorization, in most cases you only ever need your posting key which has no access to funds or critical operations.
I need to look at it again then. As I remember there was a webform that required one of the sensitive private keys. I recall not wanting to put my key into their website.
They all can take a key if you choose to use that method. They all handle it locally only and broadcast signed transactions.
They all can use hive keychain (extension) that holds keys locally and also broadcasts signed transactions. This is what 99% of people use I believe.
Peakd also has peaklock a local wallet for keys simpler to keychain but without the extension.
If I have to input it into someone's website, it is not truly local.
Browser extensions are pure evil and a hackers wet-dream, so I don't use those for authentication.
So, I think I am out of luck. Which is fine, as long as HIVE is working properly.
If they ever allow just a posting key, then I would reconsider. Otherwise, I don't like the risk calculus.
How are you using Hive.blog?
I have to put my key into the site. But the site is foundation of trust, as it was created when the fork occurred. It is a first party. Any layer above it is a higher tier party, and therefore less trustworthy.
I.e. logging into my banks website is much more secure than logging into another website that will log into my bank.