Hey @arhag, really nice write-up as usual! I completely agree that users should be educated on how to properly lock down their accounts.
I created a guide on how to set up out-of-band 2FA with a free Duo account in combination with LastPass to add an additional layer of security to Steemit Accounts. The secondary authentication can be set up to be delivered as a push notification to an app on a phone, greatly reducing UX issues.
I would appreciate your feedback on my article considering your deep expertise in security.
Thanks!
I think @robrigo's write-up needs more attention. Go give it an upvote if you love security: https://steemit.com/steemit/@robrigo/security-how-to-how-anyone-can-avoid-losing-access-to-their-steemit-account-with-lastpass-and-duo