Steemit Releases Groundbreaking Account Recovery Solution

in #blockchain, 8 years ago

Today we would like to introduce our innovative approach to securing user accounts. As far as we know, our solution is completely new in the cryptocurrency space and will raise the bar for security on all platforms. Before getting into our solution, let's give you some background on the nature of our security challenge.

Background

A recent post by @karnal talks about how no browser based wallet can ever be completely secure.

It is incredibly difficult for services like blockchain.info to keep user wallets secure, and they have a major advantage over steemit: they do not display user-generated content. The mere act of displaying user-generated content means we must filter said content for anything that could be reinterpreted by your browser as a request to send your passwords elsewhere. Filtering is very hard to perfect; something eventually gets through the cracks.

Recognizing what is Impossible

We recognize that it is impossible to prevent all browser side exploits. The reality is that there are too many factors that are completely outside the control of steemit. These factors include browser vulnerabilities, plugin vulnerabilities, phishing attacks, man-in-the-middle attacks, etc.

Some people suggest going to extreme measures such as hardware wallets and downloadable apps. The reality is that this approach to security is extremely costly and harmful to the user experience.

Steemit will do everything it can to give users the best possible options to secure their accounts. We also know that only 1% of users will actually use the best options. For most people, convenience trumps security.

I can put this into real world terms. It is impossible to prevent someone from breaking into your house. You could spend millions of dollars on the most advanced security systems and people can still break in. Not only that, every extra security measure adds inconvenience to your life and requires constant vigilance. Even a nuclear power plant in Iran that was completely disconnected from the internet was hacked.

At some point the cost of preventing a break-in is higher than the cost of recovering from a break-in.

Attempting to do the impossible is bound to fail. Instead Steemit will take a new approach.

Recovering from Theft

You may not be able to keep thieves from breaking into your house, but at least you know you can get back in and change the locks. This is the approach that we are taking.

With Bitcoin and other cryptocurrencies a hacker breaks into your house and changes the locks. You are unable to get in without "hacking the hacker" and that is almost impossible for 99.999% of people to do.

With Steem all of this is going to change.

If your account gets stolen, then you will be able to work with Steemit, Inc (or someone else of your choosing) to recover your account. All you will need to do is have access to any key you used on your home in the past 30 days.

The thief got into your home because he got a copy of your key. From the blockchain's point of view there is no difference between you and the thief. From the outside world's point of view there is a huge difference.

In my previous post I challenged the concept that "Key is Law". I made the point that for blockchains to protect property rights they need to factor real identity rather than just evidence of identity. Your password (aka private key) is just evidence. It is not absolute proof. The mistake blockchains make is to assume that it is proof.

How it Works

When an account is hacked there are two or more competing claims of ownership because multiple parties may have access to the password. The blockchain simply needs a way to break the tie and pick one claim over another. This requires three things:

  1. Time
  2. Monitoring
  3. A trusted individual to vouch for you

Time

If there is no time period during which key changes can be challenged, then the first person to change the lock wins. The more time you have to respond, the less chance that someone will get away.

Monitoring

If you are not paying attention then all the time in the world will not be of use. You need to be notified every time the key changes on your house. This notification gives you the most time to find a trusted individual who will vouch for you.

A Trusted Individual

A trusted individual is someone who can identify you independently of your key. Steemit can identify users by their email, facebook, and reddit logins (if you signed up through us). You could also use your mother, wife, employer, or friend, or other 3rd party provider.

The Process

When you notice your account has been hacked you contact your account recovery partner (the trusted individual) and ask them to submit a request to change the locks on your account. They verify you by whatever means they find satisfactory and then submit a proposal to the blockchain to change the locks to the ones you gave them.

Once the proposal is submitted to the blockchain, you will have 24 hours to log in with both your old and new keys (aka passwords). Any key you used within the past 30 days is sufficient. If you log in in time, then the keys will be changed and the hacker will be locked out.

If you don't have a key that was used within the past 30 days, then your account will be unrecoverable.
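
The recovery flow described above, modelled as a small state machine in Python. This is an added example, not Steem's code: the Account class, its method names and the plain-string keys (standing in for signature checks) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

HOUR, DAY = 3600, 86400
REQUEST_WINDOW = 24 * HOUR   # time to confirm after the partner's proposal
KEY_HISTORY = 30 * DAY       # how long a replaced key still counts as evidence

@dataclass
class Account:
    owner_key: str
    recovery_partner: str
    history: list = field(default_factory=list)  # (key, replaced_at) pairs
    pending: Optional[tuple] = None              # (new_key, expires_at)

    def change_key(self, signer_key, new_key, now):
        # Ordinary key change: the chain cannot tell owner from thief here.
        if signer_key != self.owner_key:
            raise PermissionError("not the current key")
        self.history.append((self.owner_key, now))
        self.owner_key = new_key

    def request_recovery(self, partner, new_key, now):
        # The partner has verified the claimant off-chain and proposes new_key.
        if partner != self.recovery_partner:
            raise PermissionError("only the recovery partner may propose")
        self.pending = (new_key, now + REQUEST_WINDOW)

    def recover(self, old_key, new_key, now):
        # Claimant must show a recently used key AND the proposed new key.
        if self.pending is None or now > self.pending[1]:
            raise TimeoutError("no open recovery request")
        if new_key != self.pending[0]:
            raise PermissionError("new key does not match the proposal")
        recent = {k for k, t in self.history if now - t <= KEY_HISTORY}
        if old_key not in recent | {self.owner_key}:
            raise PermissionError("old key not used in the past 30 days")
        self.history.append((self.owner_key, now))
        self.owner_key, self.pending = new_key, None

def theft_and_recovery():
    # Constructed scenario: thief copies "alice-k1" and changes the lock at t=0.
    acct = Account(owner_key="alice-k1", recovery_partner="steemit")
    acct.change_key("alice-k1", "thief-k", now=0)
    acct.request_recovery("steemit", "alice-k2", now=2 * HOUR)
    acct.recover("alice-k1", "alice-k2", now=5 * HOUR)
    return acct.owner_key
```

The thief holds the current key but cannot complete a recovery, because only the recovery partner can open a request and the partner proposes the key the verified owner supplied.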

Why it is Secure

This process is strictly more secure than what any cryptocurrency offers today. Your trusted account recovery partner does not have access to your account because they do not have access to any of your keys. This means that your account is secure unless you are hacked by your account recovery partner. Because you know who your account recovery partner is there is little chance they could hack you and get away with it.

What if your Recovery Partner is Hacked too?

In this case, they would simply appeal to their own account recovery partner. Once they recover their account, then they can work with you to recover your account. It is exponentially unlikely that the hacker can compromise all accounts in a very long chain of recovery partners.

Changing your Partner

At any time the owner of an account can request a change to their recovery partner. After a 30 day wait (during which the change can be challenged), the recovery partner is updated. This means that if you buy an account from someone, then you can rest assured that they cannot take it back. It also means that if you don't like your current partner then you can change it. The recovery partner has no say over the process.

Selling / Transferring Accounts

Under this system it is still possible to transfer accounts. You must either notify your recovery partner of the change or change the recovery partner. Transfers can be instant if you both trust the recovery partner, or they can take 30 days if you don't trust the recovery partner.

Keeping the Horses in the Barn

When a thief breaks into your house he can still do a lot of damage while you are getting the locks changed. Any cash you have lying around can be taken. You may get your house back, but the cash is still long gone.

Enter Steem Power

90% or more of all wealth in Steem is held in the form of Steem Power. This means that even if the thief gets into your house, he must wait for the time-lock safe to unlock before he can get to your cash. As long as you get your account recovered before your account can power down (1 week) then 99% of your Steem Power will be safe.

Future Work

Now that we have a rock-solid account recovery process, we will add features for people to hold STEEM and Steem Dollars in time-locked "savings" accounts. These "savings" accounts would add a multi-day delay to any transfer request. If your account is hacked, then you will have a few days before your "savings" is at risk.

Conclusion

Steemit has created a solution to account security that is completely decentralized and based upon real-world identity rather than the poor substitute of a single private key. The entire social network collectively secures and identifies each other. It does all of this without introducing an increased level of trust nor requiring a centralized provider.

Under this model it should be completely unnecessary to hardfork in response to a hack. Any money that does get lost will be small amounts of liquid cash held outside of Steem Power or the time-locked savings accounts.

Due to these extra measures, Steemit can continue to provide a web-based interface even though keys will get stolen from time to time. What won't get stolen is account identity and that makes all the difference in the world.

In information security speak what Dan is talking about is incident response and disaster recovery. As long as the system you build has an ability to "self heal", which means to recover from attacks and develop immunity to future attacks which use the same methods, then you'll do fine. The attacker might be successful and in that event the system is resilient enough to heal and recover continuously from threats like an immune system.

Roaches for example are almost impossible to exterminate because they mutate so fast, reproduce so fast, and adapt to threats so fast. This indicates that roaches are incredibly resilient to attack because diversity and fast mutation provides collective security for the roach species. I wrote something about this in an article called Attack Tolerant Information Systems, and the point is you're never going to be able to prevent attacks but you want to build systems which tolerate being attacked and develop an artificial immune system of a sort.

That kind of solution may go beyond what Dan is talking about with Steemit so far but I thought I would mention it anyway for people interested in the state of the art in security.

Convenience vs security can be bypassed if you have good disaster recovery. Group owned accounts using multisig is the best idea. We can secure our accounts through our social networks of friends. If we are using Facebook then in the event of a compromise we can confirm on Facebook that it is us. Or we can simply use a PGP signed message which I also made a section for on Steemit. If you know how to put up a PGP public key then I suggest you put one up in your blog just for Steemit.

  1. https://steemit.com/tauchain/@dana-edwards/attack-tolerant-information-systems
  2. https://steemit.com/steemit/@dana-edwards/private-communication-with-me-via-pgp-for-those-who-know-and-understand

Although not completely related to the technical aspect of your post, I discovered a method of roach extermination on Amazon.com which proved to be more effective than modern pesticides. Boric acid pellets worked more effectively because the roaches will crawl upon the pellets and often ingest the powder from the pellets as well.
Afterwards, the roaches will transport the powder from the pellets back to the nests via their limbs. All of the roaches in the nest are exposed to the boric acid residue introduced by the host. The host dies and all of the roaches in the nest as well.
Their ability to mutate and reproduce is cancelled within the nest environment. All other roaches, when exposed to the morbidity within the nest, will eventually flee the immediate area of infestation.
I believe modern manufacturers of pesticides discovered that boric acid was less profitable, because the roaches ceased to mutate, reproduce and develop the instinct necessary to evade attack.

Please check out this post I made about a steemit bug. The devs should see this post so they can fix it. https://steemit.com/bug/@stijn/steemit-bug-needs-to-be-fixed

I commented in the wrong place sorry (edited)

this is incredibly interesting, thank you.

This sounds like a lot of the concepts developed by James D'Angelo. I hope he's being rewarded for it!

I'm confused, are we able to use multi-sig on steemit yet?

I have no idea what you are all talking about but it's interesting and I guess I have to learn how to lock my new steemit home... Thanks for this @dan, you made my head very dizzy :)

Good lord! This makes me so insanely bullish on STEEM.
I think this can solve so much of the bad press and bad UX that have hindered adoption of crypto in general.
This solution is decentralized and can be applied to lots of other fields. Very similar to the way private law would operate in a Voluntaryist society.

The fact that STEEM has the vesting feature just makes it all that more robust.

So let me get this straight.. first you find a way to onboard non-crypto people into the crypto world.
Then you find a way to make POW non-ASICable (by posting, commenting and upvoting).
Then you figure out how to effectively peg a cryptocurrency to the USD.
Then you find a way to make transactions on a blockchain free.
Then you find a way to build a browser side open bazaar.
In fact pretty much everything is browser side for the masses to just type www. whatever and begin...
Now this genius free market solution to preventing theft!

Hats off to you and your team...

As I said in one of my very first BitSharesTalk posts "Can we get a couple of full time security guards to guard this dude's house while he frees the world from tyranny?" haha!

Very innovative concept. As many of us know we can always expect fresh creative and ingenious ideas from team Larimer!

Guys this is brilliant. This is why I don't mind investing into this, the devs are just world class.

right on the money

When will we see in the GUI

  1. Notification that our keys were changed? (Or by email?)
  2. The GUI of the time-locked saving?
  3. Settings for the partner?
  4. An integrated walkthrough for the newbie?

This post is only about the technology being deployed in the hardfork taking place in 24 minutes. We are working to improve the web interface to take advantage of these features.

Yeah this is why Steemit is going to be successful compared to these other complicated cryptos that most people in the world would be confused/possibly scared by..

I believe in STEEM all the way which is why I'm holding out for my helicopter and island.. I tried to inspire people in a post I did yesterday called What sounds better.. a new car or a yacht?

Check it out and let me know what ya think :D
https://steemit.com/investment/@stealthtrader/what-sounds-better-a-new-car-or-a-yacht

My account was hacked and I did not receive any support via email from steemit support. They did not do what they presented.

Dan, it may be a good idea to state the timeframe for this recovery process to be fully implemented and in effect, as some folks may immediately become more relaxed on security, misunderstanding that the procedures and protocols are not yet in effect.

All I can say is that our developers are working around the clock to get this out as soon as possible.

The necessary blockchain level features are now in place. The web interface to enable the use of these features to recover accounts is half done and will be deployed as soon as it is ready. We wish to make the experience as smooth and seamless as possible to recover your accounts.

Thank you and please take your time. I am sure we can all wait for a solid implementation, rather than something done under the pressure to rush out with!

Thank you and your team for all you're doing as far as security. It really says a lot about your commitment and responsiveness to the community needs... We're all grateful for the project overall Great Work!!!!

This is amazing, ground breaking is the right word, and the idea of a security partner goes hand in hand with steemit being a social network platform. This is also easy for the average person to adapt, no technical savviness required.

There is a concept called "Social Networks as Contract Enforcement" in academic literature. Not only can you provide security in this instance but you can possibly do loans and other things which require trust. So for goods and services I think Steemit can expand into that too and compete with the likes of Open Bazaar with an edge.

  1. Social Networks as Contract Enforcement: https://stanford.edu/~arungc/CKL.pdf

Open Bazaar you say.. when the steem dollar marketplace launches, you won't be saying "Open Bazaar" anymore

How do we go about choosing a partner?!

By default all accounts have the account creator (steemit) as the partner. If you are an advanced user and pay to create a new account, you will be the partner on the new account by default.

We will provide an interface in the wallet as soon as possible. Please understand that interface work takes much longer than backend work.

Thank you for taking the time to answer our questions. You guys are under a lot of stress and pressure and, I imagine, lack of sleep. We appreciate you and please take the time to do it right. thanks.

I'd like to know how we choose a partner also?
