RE: eSteem - iOS update v1.2.0 (iPhone, iPad notifications)
I'm a little old school when it comes to security and don't really feel comfortable giving my master password to anyone (including Steemit.com). I'm confused why a follow would require a master password if Steemit.com does not? I think replicating the Steemit.com interface which prompts for active password when needed is a much more secure way to go and builds confidence in your platform. Too many people take online security way too simply, and it's up to us as developers to educate them about password management software, the dangers of password reuse, and of only allowing access to the bare essentials when integrating with third party systems. Once again though, great work. I'm looking forward to the updates and more consistent functionality with only the posting password.
Thanks, you are right. But do you think majority non crypto people understand it? From UX point shouldnt it be more user friendly when they only required to enter password once and app takes care of everything else. Yes, some people was also concerned and main password. App is opensource and it connects to server of choice. There is extra pin code security in place. Let's take it to steemit.chat, would love to hear your thoughts on how it can be achieved...
The pin does help as far as it having your master password in there, so maybe that's enough. I still think the option to only give your posting password is an important one. If they aren't using the crypto features and are just posting, commenting, and voting, they shouldn't have to care about the active or owner passwords. If they are messing with the crypto side of things, I think they should care about the various levels of security and take them seriously. I think the Steemit website took the same approach. I'll try to catch you on chat so we can discuss further.