You are viewing a single comment's thread from:

RE: Steemit's Security Values & How Steem Keychain Can Help

in #steemit6 years ago

Active key transaction is exactly what I meant actually. What was the concern not to allow whitelisting transaction that requires actuve permission?

I understand user's fund maybe at stake and that might sounds like posting a risk to the real money. But at least provide an option for those who would like to whitelist that kind of operation? That would really helps the mass adoption of Steem especially in the DAPP like dice game. And that to me is the final form how Keychain should be like. Users get to customize it to their most convenience.

Posted using Partiko Android

6 years ago in #steemit by
$0.00
    Reply 2
    Sort:  
  • Trending
    • [-]
     6 years ago  

    A website whitelisted to use active authority by a user could, if falling into wrong hands :

    • Instantly steal all of the user's liquid assets
    • Broadcast an account update that would change the private keys and therefore take control of the account
    • Initiate power down, etc.

    I think the tradeoff between security and convenience is too big here, thats why we only authorize listing for actions requiring posting authority, since they don t have a direct impact on stake.

    $0.00
      Reply
      [-]
       6 years ago  

      the tradeoff between security and convenience is too big

      I agree and they are all valid concerns. But you can still offer user the ability to decide whether they are willing to go for the tradeoff or not. Maybe the whitelisting process can be more hidden in the setting or put up a significant warning sign in the whitelist page for active authority. Option are tons.

      $0.00
        Reply