I said "if they want"that means they can easily phish our password (not all of us,but who doesn't have knowledge about hacking/phishing, or new to this digital world)
Suppose If they notify a user after logging in to their app (using posting key +username)
"it's Seems you haven't logged in to Steemit.com,first you need to log in using your steemit username and password to continue using eSteem"
Now I think at least 20% of steemit users will enter their password immediately without thinking anything.
In that case they can ............. whatever.
And out of this there are so many ways to stole our money, I just give an example.
Interesting. But.. this goes to key management and trust. With the current system, using a master key only on steemit, you could change master key on logged in site and then cancel power down or otherwise.
I said "if they want"that means they can easily phish our password (not all of us,but who doesn't have knowledge about hacking/phishing, or new to this digital world)
Suppose If they notify a user after logging in to their app (using posting key +username)
"it's Seems you haven't logged in to Steemit.com,first you need to log in using your steemit username and password to continue using eSteem"
Now I think at least 20% of steemit users will enter their password immediately without thinking anything.
In that case they can ............. whatever.
And out of this there are so many ways to stole our money, I just give an example.
if only esteem used steemconnect... lol
They can still.... using the above formula.
I recomend you please read this screenshort from steemtools.com written and Disclaimed by Steemit.com
Interesting. But.. this goes to key management and trust. With the current system, using a master key only on steemit, you could change master key on logged in site and then cancel power down or otherwise.
Ok 👌 as you think,I'm also not an expert in this field, however Nowadays anything can happen anytime,just remember this.