RE: Steemit Applications Team Update

in #steemit, 7 years ago (edited)

Thank you for your contributions and updates Steemit Applications Team. It would be nice if you could take a precaution to not send users' passwords as posts or comments or memo. Some malicious people follow these posts and comments and hack their accounts. Lately, many of our friends have lost their accounts because of this issue.

Unfortunately, such a thing happened to my friend. This is a very bad situation. I hope nobody lives in this situation again. He even wrote a post about it himself.
https://steemit.com/steemit/@canburaksimsek/steemit-hesabim-calindi-simdi-ne-yapmaliyim-steemit-my-account-is-stolen-what-am-i-to-do-now

Sorry about your friend's loss, it also happened to my close friend, within seconds his account was emptied (I have read that post and damn... that was so much Steem.)

The suggestion he had is the one I also had in mind: disable any content in comments that starts with "P5....", probably bring up a message before a person presses the post button.

There is already a warning when posting with strings that look like WIFs (formatted private keys). I was giving away credentials for a testnet account. Such a change would possibly only require modifying a single string.
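
An added illustration of the check discussed in the comments above (not part of the thread and not Steemit's own code): it flags text containing a WIF private key or a generated password before it is posted. It assumes a WIF is the 51-character base58check encoding of `0x80` plus 32 key bytes, and that a generated password is `P` followed by a WIF, as the "P5..." in the thread suggests; the function names and the sample key are constructed for this example.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Overlapping search: any 51-character base58 run that starts with "5".
CANDIDATE = re.compile("(?=(5[%s]{50}))" % B58)

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def is_wif(candidate: str) -> bool:
    """True only if the string base58check-decodes to 0x80 + 32 key bytes."""
    n = 0
    for ch in candidate:
        n = n * 58 + B58.index(ch)
    if n.bit_length() > 37 * 8:
        return False
    raw = n.to_bytes(37, "big")  # version byte + key + 4-byte checksum
    return raw[0] == 0x80 and _checksum(raw[:33]) == raw[33:]

def make_wif(secret: bytes) -> str:
    """Encode 32 bytes as a WIF; used here only to build constructed samples."""
    raw = b"\x80" + secret
    n = int.from_bytes(raw + _checksum(raw), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def scan(text: str):
    """Return (kind, start, end) for every key-like string in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        start, end = m.start(1), m.end(1)
        if is_wif(m.group(1)):  # checksum match rules out look-alike strings
            if start > 0 and text[start - 1] == "P":
                hits.append(("generated password", start - 1, end))
            else:
                hits.append(("private key (WIF)", start, end))
    return hits

def redact(text: str) -> str:
    for _kind, start, end in reversed(scan(text)):
        text = text[:start] + "[REDACTED KEY]" + text[end:]
    return text

if __name__ == "__main__":
    sample = "P" + make_wif(bytes(range(1, 33)))  # constructed, not a real key
    print(redact("help, my password is " + sample))
```

Verifying the checksum instead of matching on the prefix alone keeps ordinary base58-looking text from triggering the warning.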

I believe the wallet page already prevents that. The main issue is when users put their keys into external (non-trusted) websites.

Hey @timcliff. I have a question: do you use this board or is it outdated?

And as a second question, if you have some extra time, how can people run Jenkins on steem?

Thanks a lot!

Afaik, that board is still accurate for HF 20.

I do not know how to run Jenkins. It is part of the check-in process in GitHub. It is not required to run a steemd node though.

As far as I know, this feature is only on the wallet page, not posts or comments. Yes, as you say, it's very important to keep the keys safe.

Good suggestion. Do you know how to open a community enhancement suggestion in GitHub?

Yes, I know. If you can send the required project link, I would be very pleased.

Ahh, that's good to know that the official steemit page already prevents the sending of what it sees as a key in the memo field, that's nice. Well, I guess one day we may have some hypothetical 2factor authentication system for steem, or we may have some sort of culture of just never leaving much liquid SBD or Steem in your wallet, so only SP is there, and maybe have a faster account recovery system, since I've had a friend, steem4depoor, now steemgh, lose 180 SP after his 30 days went by after no response from steemit. But yeah, stolen accounts and all the phishers is a problem, but I feel one day steemit inc will just start blocking KNOWN phishers and scammers, like people without a doubt have been phishing: just block them from the front end, block their messages from even being displayed. I feel like that is an easy, simple answer, and I bet it will eventually happen one day :D That way there will be no more links for users to get phished from, OR BETTER yet, make it so at least the official steemit front end doesn't even allow a known phishing link to be posted in their text box maybe?

2factor would work if the transfers occurred through steemit.com. Steemit could add 2f, but since an attacker can always just go directly to the blockchain API and submit the transfers there - there is no way to really enforce it.

No. The blockchain can do 2nd factor. I am developing a wallet for that. You need one or a number of third parties for cosigning that do one time passcodes and special software that can send these partially signed transactions to said parties. The wallet needs to be manipulated by the owner key to weaken the authority 9/10 power and then give 1/10 power to the others. Once set up, the third parties cannot misuse the power because they do not have enough authority. A hacker with your active key cannot misuse without the 2fa.

Interesting. That seems like it would be really beneficial. Good luck with the project!

No. The blockchain can do 2nd factor. I am developing a wallet for that. You need one or a number of third parties for cosigning that do one time passcodes and special software that can send these partially signed transactions to said parties. The account needs to be manipulated by the owner key to weaken the authority 9/10 power and then give 1/10 power to the others. Once set up, the third parties cannot misuse the power because they do not have enough authority. A hacker with your active key cannot misuse without the 2fa.