You are viewing a single comment's thread from:
RE: Is our Eternal September coming?
That's right. Those are the problems with it. But how would you go about eliminating the need to paste your active key into a web browser ever? A local storage on the user's computer? But isn't that what browsers have built in? A local storage that requires the users to activate with a password each time they engage in a session of using Steem to reduce the risk of an unauthorized person using the browser?
Actions on Steem are transactions, signed by our keys, just like any cryptocurrency. The difference is that we have extra types of transactions... but it all works the same way.
People with hundreds of Bitcoins don't keep their keys on their PCs. They keep "watch-only" wallets on their PCs which construct transactions for their dedicated offline device to sign. The PC only ever sees unsigned and signed transactions... never the keys.
Baby steps... the first part is removing transaction signing from apps. There is a balance to be struck between convenience and security, but the average Steemian's current workflow is heavily biased in favour of convenience, at great cost to security (as evidenced by the multiple phishing epidemics we've had in our short couple of years).
That's not right, and I want to change it.
Bitcoin transactions particularly from offline wallets that are infrequently used can be handled very differently from transactions done on a social media app. If you're using a Steem app, it would be very impractical to have each upvote, comment or whatnot signed by an offline device.
One pretty straightforward way to improve security is to have any large amounts of SP or liquid STEEM and SBD on accounts that very rarely interact with the blockchain and have those accounts delegate SP to your daily posting account.