RE: SteemLogin - a new and easy way to sign in to Steem!

in #utopian-io, 6 years ago (edited)

Keychain is on your browser and you're responsible for your security.
Also, any browsers based on Chrome can use the plugins as well.

If SteemLogin is hacked, everyone's keys are getting stolen.

There is no 100% secure solution to provide convenience to end users.
I chose what I think is the best tool to store posting keys.
It would require Firebase servers to get hacked for keys to leak.
They build their reputation on the security of their customers' data. And they are accountable.
I trust them probably more than I trust Steem Inc to secure much more sensitive information than the posting key.

Posted using Partiko Android

Um, they did attempt this. It ended badly, if I remember correctly. Which is why your details are stored in your browser encrypted now.

It's been 3 years and people don't think this idea has been thought of. There's kind of a reason why. There is a reason why MetaMask has taken over blockchain technology. Companies who store keys can be responsible for losing thousands if not millions of users' data.

If a user gets hacked, they only lose their keys, not everyone else's. And Google is supposed to be trusted, but the government and other high-end hosting solutions of people's data get hacked constantly. Just because they're a big name and are known to be trustworthy doesn't make them hack-proof.

Also, it's not if they can break in, these days it's when.

This is what can happen if your posting key is stolen, which is just as bad as someone getting your posting key.

Damage that can be done with just the posting key

The posting key can do a lot of damage. Following, upvoting, overwriting all your posts and comments, and resteeming which can't be undone.

Someone can turn your page to garbage with just your posting key. They have the ability to destroy what you have worked hard to build up even if they only get your posting key.

Again, all of your keys can in principle be stolen from Steem nodes.
I am not claiming that Firebase will never be hacked.
I am offering a convenient way for people to use Steem apps without entering a 50-character hash.
This comes with a certain risk. It's unavoidable.

Of course I was expecting this type of reaction from some users.
In my mind this is the price to pay if we really want wide adoption of Steem apps.

You don't need to enter a 50-char hash. You can use a QR scanner on the app or copy-paste using mobile LastPass.

On desktop or Mac you can use LastPass.

What percentage of users would do that, do you think?
How would you scan a QR code when using your mobile on the bus?
Many developers have given up on Steem because of the difficulty for potential users to log in.
I can live with the risk. I'm sure others can.

Posted using Partiko Android

They don't have to use a QR scanner on the phone; they can use LastPass. Copy-paste the password in the app login.

And yes, I'm saying LastPass is more trusted than this.

I personally use LastPass, but regular people don't use password managers. Even that is too techy for most people.