2FA does not protect you from a stolen private key. This is why ideally you would keep the password somewhere safe, and only login to steemit with your posting key.
You are viewing a single comment's thread from:
2FA does not protect you from a stolen private key. This is why ideally you would keep the password somewhere safe, and only login to steemit with your posting key.
Yes, I know you can still use the private Owner key to import in the CLI wallet for example and run away with the SBD and STEEM tokens that a user has...
Using something like a U2F key, Trezor or Ledger would protect you from that, if the devs enabled support for it. Those devices can sign a transaction without ever exposing the private key to interception.