Wouldn't using a registered email address be the optimal way to go for Steemit account recoveries?
In addition Steemit should implement some sort of confirmation email that has to be acknowledged if a user wants to transfer SD or SP out of the account. This would ensure that not only does the hacker need to compromise a users Steemit ID/Password combination but they also need to compromise a users 2FA protected email account. This would prevent 99% of all thefts. Not hard to implement and very secure, it is considered an industry best practice.
@smooth to the best of your knowledge is anything like that being planned? With Steemits explosion in the last 2 weeks there are some significant funds to protect.
Curious why this is not the direction Steemit went since its an industry standard and works very well.
i think the best for register is using email with required facebook or reddit.
Facebook or Reddit is great for confirming ones identity but for account recovery a 2FA (two factor authentication) protected email account would work best IMHO.
yes, thre is the best (before our account was hacked) like yesterday..
so many user with high balance was hacked.
One issue with submitting a recovery email is that you will be leaving your email out in the open for anyone running a Steem node to see. The Steem blockchain is public and open to anyone...I wouldn't add an email to a public blockchain where it could be sold to spammers.
Should be a way to hash it somehow.