Hi steemians,
I am proud to participate in this Development Incentive Program. that was mentioned in steemit blog. My proposal is that a secure browsing experience should be available to all users and phishing should be eliminated.

I have seen many times on our steemit site hackers send unwanted spam links to users to force them to take the posting key and then use it to enter their account, Many users have been affected by this and many have lost their valuable and saved SP and Steem. We called this threatening Phishing.

Besides many ways, they steal our posting hey, for a number of reasons, including the fact that many users still use it to sign in to Steemit.com and a number of other apps, the master password has to be phased away. This alteration was therefore necessary in any case. For the deployment, we did improve our communication, but it is now clear that this was insufficient. While we don't foresee making any adjustments as significant as this one any time soon, we will take into account all of the comments as we move forward. There are many advantages to restricting social media to key postings exclusively.

The difficulty of web authentication poses a risk to the user experience if it becomes unduly complicated and onerous. Due to their functional capacities, aged and visually challenged users need this experience even more. Web apps often ask users for information that they alone are aware of in order to verify their identity. Two-factor authentication (2FA), which requires the user to manually transfer information between 2FA devices and the Web application, is being adopted more frequently to increase security. This approach may create usability obstacles and put a strain on people's memories. This study suggests a method to address these problems by utilizing wearables as the 2FA device and enabling the seamless and automatic communication of authentication data from the device to the Web application.

In order to address vulnerabilities in the single-factor authentication model, web service providers google, yahoo, and bing has embraced two-factor authentication (2FA) more frequently. This often takes the form of requesting a one-time password (OTP), which is a one-time code that can be obtained from the user's OTP device after the first element of authentication has been successfully completed. The verifier has a right to assume that the user is in possession of the device that can generate or receive the OTP after getting a correct OTP. OTPs can be generated in a variety of methods such as text, special characters, and numerics. The system could send OTP to the user by phone or email.
We can also adopt and handle such a secure strategy in our steemit ecosystem. By doing so our users have a secure browsing experience and a hassle-free password-saving method will be provided.

Cc:@hungry-griffin @jyoti-thelight @nadiaturina @lavanyalakshman