Steemit Releases Groundbreaking Account Recovery Solution
Today we would like to introduce our innovative approach to securing user accounts. As far as we know, our solution is completely new in the cryptocurrency space and will raise the bar for security on all platforms. So before getting into our solution, lets give you some background on the nature of our security challenge.
A recent post by @karnal talks about how no browser based wallet can ever be completely secure.
It is incredibly difficult for services like blockchain.info to keep user wallets secure and they have a major advantage over steemit: they do not display user-generated content. The mere act of displaying user generated content means we must filter said content for anything that could be reinterpreted by your browser as a request to send your passwords elsewhere. Filtering is very hard to perfect, something eventually gets through the cracks.
Recognizing what is Impossible
We recognize that it is impossible to prevent all browser side exploits. The reality is that there are too many factors that are completely outside the control of steemit. These factors include browser vulnerabilities, plugin vulnerabilities, phishing attacks, man-in-the-middle attacks, etc.
Some people suggest going to extreme measures such as hardware wallets and downloadable apps. The reality is that this approach to security is extremely costly and harmful to the user experience.
Steemit will do everything it can to give users the best possible options to secure their accounts. We also know that only 1% of users will actually use the best options. For most people, convenience trumps security.
I can put this into real world terms. It is impossible to prevent someone from breaking into your house. You could spend millions of dollars on the most advanced security systems and people can still break in. Not only that, every extra security measure adds inconvenience to your life and requires constant vigilance. Even a Nuclear power plant in Iran that was completely disconnected from the internet was hacked.
At some point the cost of preventing a break in is higher than the cost of recovering from a break in.
Attempting to do the impossible is bound to fail. Instead Steemit will take a new approach.
Recovering from Theft
You may not be able to keep thieves from breaking into your house, but at least you know you can get back in and change the locks. This is the approach that we are taking.
With Bitcoin and other cryptocurrencies a hacker breaks into your house and changes the locks. You are unable to get in without "hacking the hacker" and that is almost impossible for 99.999% of people to do.
With Steem all of this is going to change.
If your account gets stolen, then you will be able to work with Steemit, Inc (or someone else of your choosing) to recover your account. All you will need to do is have access to any key you used on your home in the past 30 days.
The thief got into your home because he got a copy of your key. From the blockchain's point of view there is no difference between you and the thief. From the outside world's point of view there is a huge difference.
In my previous post I challenged the concept that "Key is Law". I made the point that for blockchains to protect property rights they need to factor real identity rather than just evidence of identity. Your password (aka private key) is just evidence. It is not absolute proof. The mistake blockchains make is to assume that it is proof.
How it Works
When an account is hacked there are two or more competing claims of ownership because multiple parties may have access to the password. The blockchain simply needs a way to break the tie and pick one claim over another. This requires three things:
- A trusted individual to vouch for you
If there is no time period during which key changes can be challenged, then the first person to change the lock wins. The more time you have to respond, the less chance that someone will get away.
If you are not paying attention then all the time in the world will not be of use. You need to be notified every time the key changes on your house. This notification gives you the most time to find a trusted individual who will vouch for you.
A Trusted Individual
A trusted individual is someone who can identify you independently of your key. Steemit can identify users by their email, facebook, and reddit logins (if you signed up through us). You could also use your mother, wife, employer, or friend, or other 3rd party provider.
When you notice your account has been hacked you contact your account recovery partner (the trusted individual) and ask them to submit a request to change the locks on your account. They verify you by whatever means they find satisfactory and then submit a proposal to the blockchain to change the locks to the ones you gave them.
Once the promposal is submitted to the blockchain, you will have 24 hours to login with both your old and new keys (aka passwords). Any key you used within the past 30 days is sufficient. If you login in time, then the keys will be changed and the hacker will be locked out.
If you don't have a key that was used within the past 30 days, then your account will be unrecoverable.
Why it is Secure
This process is strictly more secure than what any cryptocurrency offers today. Your trusted account recovery partner does not have access to your account because they do not have access to any of your keys. This means that your account is secure unless you are hacked by your account recovery partner. Because you know who your account recovery partner is there is little chance they could hack you and get away with it.
What if your Recovery Partner is Hacked too?
In this case, they would simply appeal to their own account recovery partner. Once they recover their account, then they can work with you to recover your account. It is exponentially unlikely that the hacker can compromise all accounts in a very long chain of recovery partners.
Changing your Partner
At anytime the owner of an account can request a change to their recovery partner. After a 30 day wait (during which the change can be challenged), the recovery partner is updated. This means that if you buy an account from someone, then you can rest assured that they cannot take it back. It also means that if you don't like your current partner then you can change it. The recovery partner has no say over the process.
Selling / Transferring Accounts
Under this system it is still possible to transfer accounts. You must either notify your recovery partner of the change or change the recovery partner. Transfers can be instant if you both trust the recovery partner, or they can take 30 days if you don't trust the recovery partner.
Keeping the Horses in the Barn
When a thief breaks into your house he can still do a lot of damage while you are getting the locks changed. Any cash you have laying around can be taken. You may get your house back, but the cash is still long gone.
Enter Steem Power
90% or more of all wealth in Steem is held in the form of Steem Power. This means that even if the thief gets into your house, he must wait for the time-lock safe to unlock before he can get to your cash. As long as you get your account recovered before your account can power down (1 week) then 99% of your Steem Power will be safe.
Now that we have a rock-solid account recovery process, we will add features for people to hold STEEM and Steem Dollars in time-locked "savings" accounts. These "savings" accounts would add a multi-day delay to any transfer request. If your account is hacked, then you will have a few days before your "savings" is at risk.
Steemit has created a solution to account security that is completely decentralized and based upon real-world identity rather than the poor substitute of a single private key. The entire social network collectively secures and identifies each other. It does all of this without introducing an increased level of trust nor requiring a centralized provider.
Under this model it should be completely unnecessary to hardfork in response to a hack. Any money that does get lost will be small amounts of liquid cash held outside of Steem Power or the time-locked savings accounts.
Due to these extra measures, Steemit can continue to provide a web-based interface even though keys will get stolen from time to time. What won't get stolen is account identity and that makes all the difference in the world.
In information security speak what Dan is talking about is incident response and disaster recovery. As long as the system you build has an ability to "self heal", which means to recover from attacks and develop immunity to future attacks which use the same methods, then you'll do fine. The attacker might be successful and in that event the system is resilient enough to heal and recover continuously from threats like an immune system.
Roaches for example are almost impossible to exterminate because they mutate so fast, reproduce so fast, and adapt to threats so fast. This indicates that roaches are incredibly resilient to attack because diversity and fast mutation provides collective security for the roach species. I wrote something about this in an article called Attack Tolerant Information Systems, and the point is you're never going to be able to prevent attacks but you want to build systems which tolerate being attacked and develop an artificial immune system of a sort.
That kind of solution may go beyond what Dan is talking about with Steemit so far but I thought I would mention it anyway for people interested in the state of the art in security.
Convenience vs security can be bypassed if you have good disaster recovery. Group owned accounts using multisig is the best idea. We can secure our accounts through our social networks of friends. If we are using Facebook then in the event of a compromise we can confirm on Facebook that it is us. Or we can simply use a PGP signed message which I also made a section for for on Steemit. If you know how to put up a PGP public key then I suggest you put one up in your blog just for Steemit.
Although, not completely related to the technical aspect of your post- I discovered a method of roach extermination on Amazon.com -which proved to be more effective than modern pesticides. Boric acid pellets worked more effectively because the roaches will crawl upon the pellets and often ingest the powder from the pellets as well.
Aftéwards, the roaches will transport the powder from the pellets back to the nests via its limbs. All of the roaches in the nest are exposed to the Boric acid residue introduced by the host. The host dies and all of the roaches in the nest as well.
Their ability to mutate and reproduce is cancelled within the nest environment. All other roaches -when exposed to the morbidity within the nest, will eventually flee the immediate area of infestation.
I believe modern manufacturers of pesticides discovered that boric acid was less profitable-because the roaches ceased to mutate, reproduce and develop the instinct necessary to evade attack.
Pleas check out this post I made about a steemit Bug the dev's should see this post so they can fix it. https://steemit.com/bug/@stijn/steemit-bug-needs-to-be-fixed
I commented in the wrong place sorry (edited)
this is incredibly interesting, thank you.
Pleas check out this post I made about a steemit Bug the dev's should see this post so they can fix it. https://steemit.com/bug/@stijn/steemit-bug-needs-to-be-fixed
This sounds like a lot of the concepts developed by James D'Angelo. I hope he's being reward it!
I'm confused, are we able to use multi-sig on steemit yet?
I have no idea what you are all talking about but its interesting and I guess I have to learn how to lock my new steemit home ...Thanks for this @dan , you made my head very dizzy :)
Good lord! This makes me so insanely bullish on STEEM.
I think this can solve so much of the bad press and bad UX that have hindered adoption of crypto in general.
This solution is decentralized and can be applied to lots of other fields. Very similar to the way private law would operate in a Voluntaryist society.
The fact that STEEM has the vesting feature just makes it all that more robust.
So let me get this straight.. first you find a way to onboard non-crypto people into the crypto world.
Then you find a way to make POW non-ASICable (by posting, commenting and upvoting).
Then you figure out how to effectively peg a cryptocurrency to the USD.
Then you find a way to make transactions on a blockchain free.
Then you find a way to build a browser side open bazaar.
In fact pretty much everything is browser side for the masses to just type www. whatever and begin...
Now this genius free market solution to preventing theft!
Hat's off to you and your team...
As I said in one of my very first BitSharesTalk posts "Can we get a couple of full time security guards to guard this dude's house while he free's the world from tyranny?" haha!
Very innovative concept. As many of us know we can always expect fresh creative and ingenious ideas from team Larimer!
Guys this is brilliant. this is why i dont mind investing into this, the devs are just world class.
right on the money
When will we see in the GUI
This post is only about the technology being deployed in the hardfork taking place in 24 minutes. We are working to improve the web interface to take advantage of these features.
Yeah this is why Steemit is going to be successful compared to these other complicated cryptos that most people in the world would be confused/possibly scared by..
I believe in STEEM all the way which is why I'm holding out for my helicopter and island.. I tried to inspire people in a post I did yesterday called What sounds better.. a new car or a yacht?
Check it out and let me know what ya think :D
My account was hacked and I did not receive any support via email from steemit support. They did not do what they presented.
Dan, it may be a good idea to state the timeframe for this recovery process to be fulling implemented and in effect as some folks me immediately become more relaxed on security, misunderstanding that the procedures and protocols are not yet in effect.
All I can say is that our developers are working around the clock to get this out as soon as possible.
The necessary blockchain level features are now in place. The web interface to enable the use of these features to recover accounts is half done and will be deployed as soon as it is ready. We wish to make the experience as smooth and seamless as possible to recover your accounts.
Thank you and please take your time. I am sure we can all wait for a solid implementation, rather something done under the pressure to rush out with!
Thank you and your team for all you're doing as far as security. It really says a lot about your commitment and responsiveness to the community needs... We're all grateful for the project overall Great Work!!!!
This is amazing, ground breaking is the right word, and the idea of a security parter goes hand in hand with steemit being a social network platform. This is also easy for the average person to adapt, no technical savvyness required.
There is a concept called "Social Networks as Contract Enforcement" in academic literature. Not only can you provide security in this instance but you can possibly do loans and other things which require trust. So for goods and services I think Steemit can expand into that too and compete with the likes of Open Bazaar with an edge.
Open Bazaar you say.. when the steem dollar marketplace launches, you wont be saying "Open Bazaar" anymore
How do we go about chosing a partner?!
by default all accounts have the account creator (steemit) as the partner. If you are an advanced user and pay to create a new account, you will be the partner on the new account by default.
We will provide an interface in the wallet as soon as possible. Please understand that interface work takes much longer than backend work.
Thank you for taking the time to answer our questions. You guys are under a lot of stress and pressure and, I imagine, lack of sleep. We appreciate you and please take the time to do it right. thanks.
I'd like to know how we choose a partner also?
@dan, this is remarkable. I haven't read through all the comments yet, but here is my biggest concern:
If a thief gains access to my account and powers-down to try to steal my SP, is that power-down request still set in stone when I recover the account? I.e., even if all my wealth is held in SP, it seems like a thief can effectively destroy my account by powering-down. True, he won't get any of the steam points, but now all of a sudden I don't have any SP because they're powering down for the next 2 years.
My question may actually not be relevant, depending on the answer to my earlier question about the timing of power-down.
from what i see. power down can be canceled at anytime. after 1week or 10. So that's not worrying. Also, if this will work, you'll have access back to your account in a day not 2 years, as much as i understand it at this point!
You can cancel power down.
And there it is. Thanks!
I hope the problem can be resolved properly, thanks to this notice and it was very important, waiting for good news my brother @blackjincrypto account being compromised, hopefully it can be re-accessed
That you guys have been able to think through and so quickly deploy this in the midst of everything else is damn impressive. Great job to all!
Hello! I would like to get your opinion on this. Thank you! https://steemit.com/steem/@acidsun/banners-for-steemit-community
Thank you for this.
I agree with @dan on how any high-tech approach to the "impossible" 100% account/wallet security, will inevitably hurt user experience.
I think for now, the proposed method above will suffice, if we find other methods in the future that can improve on this, then why not?
Thank you again for being vigilant on this front. Security should always be one of our top priority. ANYWHERE. -east
Thank you for this article and the expalanation. Very impressed how you keep learning from challenges and keep blockchains improving.
Very nice work, this is truly an awesome addition and creates a new standard and sets the bar for all other cryptos.
I AGREE! Thank you for posting. Hope you get this to snowball to the top!
I up-voted you too... BTW, should steemit let us steemers advertise using steem? Be sure to tell everyone you know to come vote here at: https://steemit.com/steemit/@kingtylervvs/if-steemit-ever-does-decide-to-advertise-there-is-only-1-way-it-could-work-in-my-opinion-debate
This is a democratic community decision.
One of the important things here is to maintain honesty . Vote for posts and comments that are really good, or similar to your personal preferences. Many strategies made just for making money, are destined to fail, probably work a while but the community will go towards equilibrium.
The best strategy is generate value and find good posts or comments before the rest.
All of these attacks and FUD being spread across the web have me even more interested in steemit. We have got the attention of some powerful people and they are not happy. I myself started to doubt the power of this thing, but I am seeing the light.
Keep up the great work dan and crew.
Go dan...go dan
BTW, I've been heard that there is gonna be a russian analog of Steemit soon. What about source code, is it open? What is the license?
I suggest you create 2 accounts and become your own trusted 3rd party. That account you don't use unless your keys are stolen. Trustless!
great idea. multisig same too.
This add an incentive to power up. One should not hold Steem in his account for security reason. Great solution @Dan
everyone should power up...
You can apply time-lock to your liquid steem/steem dollar in your wallet as well.
that is a future proposal, not currently implemented.
what does time lock do?
This is perfect, amazing progress in development. Especially considering how the problems came to light with the attack just a few short days ago. You guys are putting on a crash cource in the perfect way to begin a crypto project. Transparency, skills and most importantly excellent solutions to problems with real results. Bravo!
👍great post @dan,this is very important information...
It seems to me the most important part of this will be to create a long chain of recovery partners. I like that thoughts coming out of this as they seem pretty foolproof. I'm also super curious about the time locked savings account.
Well this is a relief considering i'm living off steem currency alone for 30 days.
This is great! I suppose the hack was a wake up call of sorts to implement better security measures and features. Hopefully you will be implementing some changes to the web interface soon to make things a bit easier for all the users of the platform. But cheers on this ground breaking solutions for everyone on the platform!
Good system of restoration. You are good fellows!!!
Хорошая система востановления. Вы молодцы!!!
@Dan I read this 3 times and still confused on how this works sir.
Excellent. Way to be on top of things. Big Big VOTE UP!!
The STEEM team is a big part why this will more then succeed.
Thank you very much for the continued transparency and updates, @dan .
I am very interested in seeing how you approach security - it is an innovative, and in my eyes ingenious, approach, which seamlessly addresses one of the core challenges when it comes to security: the user. I very much appreciate how you wish to enhance the user experience whilst keeping it as convenient and easy as possible to ensure proper security for as many users as possible. Kudos.
Excellent article another feature that could be added is for people to hold STEEM and Steem Dollars in partner-locked "savings" accounts. These "savings" accounts could add a "trusted partner ID verification" (or multiple partner ID verifications ) to any transfer request. This would make near instant withdrawals possible with no need for a time delay. Beneficial for those needing liquidity at all times.
This could be implemented by submitting the phone numbers of " trusted partners " who could submit the verification along with a code from googles "authentication app" on their phone/s.
I love Lastpass with hardware 2FA yubikey with NFC for mobile. 100+ character passwords are no problem.
Hi @dan. I'm quite new to this and not very tech savvy. While I think it's great that you're making account recovery easy I wonder if you could further consider the user experience. So far, making the system more secure has also made it more complicated for less techy people and I'm finding that people I know who have signed up don't ever want to even try logging in again. Here are some comments from friends that I had sign up.
I've written a post here which proposes a possible solution.
I wonder if you or Ned have considered it already.
My brothers post suggests that SteemIt.com needs to support the U2F protocol in order to allow users to secure their accounts with an actual physical key (like a USB) that the account holder uses to plug into the computer when logging in.
I'd love if you'd consider it
This looks very promising compared to other security implementations platforms are taking and a complete rethink is needed, keep up the good work dan
This was a team effort. I am very grateful for the all the developers who have been working 18 hr days this week to enable this innovation.
good tutorial there needs to be a place where you can find them all at one place
Congratulations, is a great post!
Do you like it?:
My God STEEM
Great and very solid concept! I truly believe that next project, which can solve Identity-based problem (blockchain powered, obviously) will be next big thing. Huuuge thing!
You guys keep on surprising us!! One after the other innovative ways to deal with things. That's why Steemit is growing so fast and it deserves too!! Where else do you see groundbreaking solutions to different things all in one place!
I cannot thank you enough @ned and @dan for all the work that you put in and others as well who work countless hours to ensure the success of this platform. Really grateful to have come here. I am going to bring more people in so they too can experience the awesomeness that is Steemit.
These kinds of innovative & practical solutions from the Steemit team give me incredible confidence in the platform. It's hard to maintain the balance of user-experience and security and this is a creative & elegant solution!
Steemit forever! :)
I love the sheer amount time, planning, and future penetrability issue prevention that not only the Steemit Devs themselves put into their work,
but that the community itself adds onto and in turn creates a community
where we don't just feel like we as individuals, with our singular voices,
can have a positive impact, but where we actually see how often that
This (Steemit) is an absolutely remarkable breakthrough in every aspect of
social media/interaction, cryptocurrencies, and technology as a whole.
Being in the risk management field, these extra safety features give me a lot more comfort as a user. I reflect this off of Facebook, which will sell your information to the highest bidder and delete and ban certain speech. I see a change coming, ans Steemit is placing themselves in a position to take that market share.
Excellent, great news and very interesting developments!!
Great post, im glad you make it to us :)
This has to be the greatest most innovative group of developers I have come across so far. Keep up the great work!
Wow: https://steemit.com/@shaydulla Like please )))
Why not call it multi-sig wallets? Allowing to have one or more recovery partners
Great initiative , its always logical to hope for the best but be prepared for the worst.
Now that I think about it. The founders of @steemit really thought it through. With the former experience of founding #Bitshares and overseeing the years of turbulence, Daniel Larimer brought his experience on board and co-designed a blockchain platform that is here to stay. This Policy -Steem Power is non-transferrable and will require 2 years and 104 payments to convert back to Steem -will shape a community of long-term content quality producers and thinkers, and most importantly, prevent severe losses when it comes to account hacking. I look forward to the other social media platforms that Steem founders have planned to create to change this world for the better. #SteemPower #Futureishere #powertothepeople
Great article, really helpful and to a point! I will have to read more about this :) Thanks Dan! Alla x
Good post! I like it! Good Luck To You!
Steemit up. Great indeed!
Good to know there is such a great team behind steemit!
Awesome post! Thank you. Anybody who hasn't changed their passwords yet Please do so! Be safe and not sorry
Hi Dan, thanks for the great info and working so hard with the team to secure the platform. Do you know by any chance when our hacked accounts will be available to us again? (specifically those created without facebook login)
We will make a statement later tonight once we have more details.
It's great to see new technologies break in early stages. They always come out stronger in the end!
why don't you want to make an SMS confirmation at key moments? for those who wish it
This system will allow us to do that.
Wow! In my opinion this will be a game changer.
Thanks for putting this together for the community.
great info !!!!! well done steem is more secure
@dan this is incredible guide to save steemit from hacker or cracker reach, thank you.
Great work guys, I'm excited to see this in action, even if I am a bit skeptical in some ways (it's hard not to be in crypto, eh?)
Graphene technology is always ahead of the curve.
Steemit 2016 killer app awesome ! Curious how many users it will attract ...
Damn it...now I feel comfortable pouring more money into this platform....arg!
Classy post. cool
This feature is absolutely critical to mass adoption and addresses one of the largest barriers to wealth entering crypto assets. In the fiat world banks and credit card companies can assist customers if they are hacked, in the crypto world there is effectively zero recourse. Congratulations to the devs on another revolutionary innovation!
The truth is very bitter. Thanks
Thank you dan for making this post in a way that everyone can understand.
That's why I want to move everything to STEEM POWER!
I love the way Steemit handled this.. With a new site concept like Steemit seems like it is the best way to keep the site moving forward :D
Would it at all be possible to blockchain-integrate hardware-based PKI certificates from the TPM 2.0 specification from the Trusted Computing Group (i.e. http://www.trustedcomputinggroup.org/work-groups/trusted-platform-module/) as an alternative to recover a stolen account? I find that this approach would offer a convenience that the partner account couldn't offer. I know this would require a technical solution to onboard PCs with an activated TPM, but it might be worth it to offer a secure, hardware-appliance based approach to this problem. I mean, when was the last time DirectTV streams got compromised in general, sure a box or two, here and there with compromised key cards, but nothing large. Thanks!
This is groundbreaking for sure. More incredible, it's a social media platform among a cryptocurrency trading scheme. With this security net, there's less hesitancy.
Only downvoted, as I sometimes do, to prevent platform announcements from draining too much of the rewards pool away from other posts. I agree the new feature is quite interesting, potentially revolutionary. I look forward to seeing how it works out in practice. On merit alone (if a reward pool were not involved), I would upvote.
A trusted 3rd party of the users choice is a nice change from being forced to trust some random company or fork over private information.
Minor correction. If you recover the account within a week, and it had not already been powering down, then 100% of the SP would be safe, not 99%. If power down was already in progress then it depends on the remaining time until the next power down, but if the account is recovered in time, 100% could still be safe.
I can't see my login tab for my "owners key" on my permissions page any more?? has something changed? do I just write "/owner" when I log in or it asks me for it? or am I hacked?
edit: nor can I log into my active key !!??
also I notice when I look at other people's pages I can look at their wallets? does that not make targets of the bigger holders? is there an option to hide it?
thanks for your time, I'm loving the site so far
Hello! Transfers are temporary disabled today and with it associated i cannot login with my owner key?
Could I be my own security partner by using another service like Blockstack, if I had already proofed ownership of the steemit account I mean.
This addresses one of the biggest barriers to adoption in the crypto space and could not be more timely or a more perfect fit for the Steemit platform. Congrats on another quantum leap!
This new security improvement is great. I feel much better now. Good work to say the least and a huge thank you for taking proactive actions.
tanks for sharing...
I'm excited - again, this is revolutionary. Thank you for being such a forward thinking admin team :)
Wonderful Implementation! This is definitely a game changer In "Social Media Mining!"...https://steemit.com/steem/@steemit-life/social-media-mining
Another brilliant solution on a brilliant platform. Thank you.
we should learn from bitcoin, all mistakes was made on price, now no one get hacked as individual who had more than 1000$ in bitcoins and using them (thief getting personal wallet etc) i dont count some exchange go rogue or some 3rd party website
the bitcoin wallets (offline for example) idea are secure enough for steemit
and make offline signs on all action after we done writing/voting/using our wallets , but steemit already have that in mind by having more than one key for each action so should be very easy to setup someting up :)
Really awesome work you are doing! Thank you for this amazing platform and for putting in all of the time and effort to keep it safe. These security features are genius. Well done :)
You guys are awesome!
help me to introduce myself and my Sardinia @dan
What do you mean by "They verify you by whatever means they find satisfactory" ?
Is it a system like Hotmail accounts, where you had to answer successfully a sufficient number among 10 personal questions? I know, because i was in the customer service of Microsoft. And even if that was enough in 90% of the cases, you still had some cases when the guys could not remember the answers, or didnt provide enough info, etc...
I'm sure you will do your best! Thanks for the update!