Keeping cryptocurrencies on a phone is really a crazy thing to do in my opinion... Are there so many people doing so? I mean, people connected to the crypto world should know that, shouldn't they?
Yes, a lot of people do. Let me ask you a question though. Do you ever use your active or owner steem key on an online phone or computer. Because if you do you're subject to the same possibility of getting your steem or steem dollars stolen.
Never on a phone (there I use the posting key only) . However, on a computer, I sometimes need to use the active key (to validate transaction from wallet). How to do it otherwise?
That is a good question. I don't think any hardware wallets support Steem or Steem Dollars right now so that's not an option (someone please correct me if I'm wrong on this). There is probably a way to sign transactions on an offline computer but that would be far from simple. So, there is no great solution. Which was kind of my point in asking the question - to point out that whether you use an active key on a phone or a computer you are vulnerable to attack.
Bonus question: Where did you get your owner key? Was it generated on an offline computer (guessing not) ... because if it wasn't that is at risk too.
Great post! What other companies/presenters had interesting stories to tell on security?
Thanks! These talks about security were also interesting (see below for someone's video of day 2)
PAUL PUEY – CEO OF AIRBITZ – SECURING THE FUTURE OF BLOCKCHAIN TECHNOLOGY
http://btcmiami.com/speaker/paul-puey/
At Time stamp 1:39:42
Ledger Wallet CEO Eric Eric Larchevêque https://www.ledger.co/ at time stamp 35:50
Great Article. Followed ReSteemed and Upvoted.
Keeping cryptocurrencies on a phone is really a crazy thing to do in my opinion... Are there so many people doing so? I mean, people connected to the crypto world should know that, shouldn't they?
Yes, a lot of people do. Let me ask you a question though. Do you ever use your active or owner steem key on an online phone or computer. Because if you do you're subject to the same possibility of getting your steem or steem dollars stolen.
Never on a phone (there I use the posting key only) . However, on a computer, I sometimes need to use the active key (to validate transaction from wallet). How to do it otherwise?
That is a good question. I don't think any hardware wallets support Steem or Steem Dollars right now so that's not an option (someone please correct me if I'm wrong on this). There is probably a way to sign transactions on an offline computer but that would be far from simple. So, there is no great solution. Which was kind of my point in asking the question - to point out that whether you use an active key on a phone or a computer you are vulnerable to attack.
Bonus question: Where did you get your owner key? Was it generated on an offline computer (guessing not) ... because if it wasn't that is at risk too.
Then I am at risk ^^ Remember that I am a newbie with the cryptoworld :)