The Timelock Function - It was written - We want it, Proposing to implement it!

in steem-security •  4 months ago


Securing STEEM Accounts with an extra timelock was written by @picokernel here: https://github.com/steemit/steem/tree/htlc-operation. I want to shine some light on this because I see a need for extra security in order to negotiate a better insurance policy for my company and its cryptocurrency holdings.

Making STEEM more secure than it is now!

SteemPower is in itself a great function, but in addition we seek the functionality to enter an extra password when logged out of our devices so that changes like delegating/undelegating, withdraw/power up/down will be delayed by, for example, 12 hours or years unless the extra password is entered.

a 2FA for your brain - Your capital account is now running in SAFE MODE - Go on Vacation!

This extra password can be an easy to remember password, a 2FA for the brain, you log in or out like normal - but if you are going to do anything active/owner key related, this timelock will give the legit owner extra security in order to cancel a transaction and undo everything a malicious attacker has done.

We are also feeling HF20 is overdue, still missing functions from HF19, 18 and even 17

Thank you for reading, please take time to analyze and comment below. For 24/7 Voice and Text chat about STEEM development, come to http://STEEMspeak.com - STEEM will be 2 Years in 2 Months - Vote for @fyrst-witness and as always, steem on and have fun :)
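A minimal model of the delay-and-cancel behaviour the post asks for, added here as an illustration; it is not part of the original post and not the code in the linked htlc-operation branch. The class and method names, the PBKDF2 verifier and the rule that cancelling requires the extra password are assumptions.

```python
import hashlib
import hmac
import os

DELAY_SECONDS = 12 * 3600  # the 12-hour example delay from the post


def _kdf(password: str, salt: bytes) -> bytes:
    # Slow hash so the stored verifier is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TimelockedAccount:
    """Hypothetical model; the active-key signature check is assumed done."""

    def __init__(self, extra_password: str, balance: int):
        self.salt = os.urandom(16)
        self.verifier = _kdf(extra_password, self.salt)
        self.balance = balance
        self.pending = {}  # op_id -> (amount, release_time)
        self._next_id = 1

    def _password_ok(self, extra_password) -> bool:
        if extra_password is None:
            return False
        return hmac.compare_digest(_kdf(extra_password, self.salt), self.verifier)

    def request_withdraw(self, amount: int, now: int, extra_password=None):
        """Return None if executed at once, else the id of the queued operation."""
        reserved = sum(a for a, _ in self.pending.values())
        if amount <= 0 or amount > self.balance - reserved:
            raise ValueError("invalid amount")
        if self._password_ok(extra_password):
            self.balance -= amount
            return None
        op_id, self._next_id = self._next_id, self._next_id + 1
        self.pending[op_id] = (amount, now + DELAY_SECONDS)
        return op_id

    def cancel(self, op_id: int, extra_password: str) -> bool:
        """Assumption: cancelling needs the extra password, not just the key."""
        if op_id in self.pending and self._password_ok(extra_password):
            del self.pending[op_id]
            return True
        return False

    def settle(self, now: int) -> list:
        """Execute every queued operation whose delay has elapsed."""
        done = [i for i, (_, t) in self.pending.items() if now >= t]
        for i in done:
            amount, _ = self.pending.pop(i)
            self.balance -= amount
        return done
```

On a public ledger the salt and verifier would be readable by anyone, so an easy-to-remember password is open to offline guessing; the model shows only the delay logic.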



If the feature is ready why not roll it?

In general last half a year I see steemit.inc pursuing piece of buzztech called SMT having completely forgotten about all the rest. If you so much like big RnD projects then build a separate team to run them. Now the platform needs are lost, community socially deteriorates and steemit.inc just build another level on their ivory tower.

This approach is fundamentally wrong.

·

SMTs are important too, but securing capital accounts better on the blockchain level is even more important. If we are to hold major amounts of money on this network, then this timelock security is a solution there are many issues for and I agree, why not roll it. Just do it.. @ned, got some time for a friendly steemspeak talk tonight?

·
·

@fyrstikken - thanks for your reply but..

  • We need to think the scaling problem out. Time is short
  • We need far better frontend
  • Bandwidth issues starting to affect minnows left, right and center
  • We have voting bots on the loose which break the whole content ranging system
  • SBD unpegged from dollar and doors to real commerce on STEEM platform is shut.

And these are only the worst problems. SMT will make things worse, not better.

·
·
·

are you not making money on all this?

·
·
·
·

I see potential far greater than any short-term gain if these problems would be solved.

·
·
·
·
·

Well, those problems can be solved. But with an SMT market that will require capital, a system to secure that capital is IMO needed so we don't end up like bitshares without liquidity because people prefer bittrex with 2FA locked in instead of holding coins on the internal marketplace which is only a lost active key away from being stolen...

·
·
·
·
·
·

It is recommended to use multisig wherever possible in SMT whitepaper.

·
·
·
·
·
·

Very good point. Even bitconnect has 2FA.

·
·
·
·
·

I agree, the long term needs to be planned for, this short term crap is getting tedious.

·
·

The program is interesting ... But I mostly trust the identification via the phone by SMS. But there is no such option on steemit. Good post @fyrstikken! Good luck to you!

·
·
·

Cell phone security warning. Be careful with cell phones and SMS.

·
·
·
·

Open authenticator like former gauth would be far better.
Don't know why we hadn't blockchain project working on it.

·
·
·
·

Agreed, no cell phone security, don't do it. Authenticator seems to be good.

·

I like your post if you have time to visit my blog because I am newcomer in steemit

I agree. For instance, the apps have a bit too much permissions even with the posting key. There is a need for a more layered security model and a password could be a start!

Timelock makes sense. Steemit.Inc and witnesses were talking about it on @aggroed's Steem growth forum on @msp-waves Radio in December.

·

yes, much talk, much github work, but also delaying releases that could be implemented while other github issues are being worked out... Feeling no sense of progress at the moment.

·
·

Perhaps a regular forum WITH Steemit.Inc on the panel would help instilling more confidence and most importantly: Set expectations.
cc: @aggroed

·
·
·

@globocop Yes, it would be good to hear from and ask @ned some questions and have some of them answered, @aggroed.

You can't have too much security, there should simply at least be an option for the extra security.

·

pocketsend:100@fyrstikken, thanks!

·
·

Successful Send of 100
Sending Account: bachone
Receiving Account: fyrstikken
New sending account balance: 1000749
New receiving account balance: 198
Fee: 1
Steem trxid: f40bcf5956e2ace7991059e4ab3feed0950c750f
Thanks for using POCKET! I am running this confirmer code.

I like this idea and I respect that you're thinking about security @fyrstikken, as many platforms and users are not thinking about this. You are right that this will become more of a concern. If people do not feel that they can secure anything on these platforms, will anything else matter?

Some users on this platform may be similar to btc-holders who are willing to keep what they have locked. I think adding an option to set a lock for a period of time also may be beneficial, such as a person selecting no power downs for 10 years, which restricts the account in case of compromise.

Nice to see you again, @fyrstikken .

You've certainly touched on an unanticipated problem. Now that Steem's market cap is ~$1.5 billion, a whale-sized account represents a lot of money. I'm only a small orca, but the market value of my account is five times the market value of a 1 kilogram gold bar.

[Fun Fact: While I was verifying the above, I found out that APMEX now accepts Bitcoin...]

That's a wee bit scary when ya think about it. If I owned the equivalent in gold, I'd prolly store it in a safety deposit box or vault.

Even if a randomly-generated password is strong, it still represents a point of vulnerability. Like a key to a safety-deposit box, passwords can be stolen. Your suggestion certainly has merit.

Thank you friend, for the opportunity to comment on the issue of long-promised, overdue Steemit functions.

"We are also feeling HF20 is overdue, still missing functions from HF19, 18 and even 17"

I have written about a feature that was long ago promised to be in HF17, that is the ability for content creators to edit any of their older posts, without limit.

Instead of giving us that, our ability to edit was reduced from 30 days to only 7 days... :(

I have written about this again, and again, and again...

I'm still waiting!

Good luck, @fyrstikken, in getting your Timelock Function implemented... :(

😄😇😄

@creatr

With the increasing value of our cryptocurrencies, I think it is very important to have more security of our securities deposited in our accounts, never is an extra password, we know that hackers are at the forefront and expectations to operate.
excellent initiative dear friend, many successes in Timelock implementation
I wish you a great day dear friend @fyrstikken

steemit is growing even people are trying to have an account to join. as the number of users is certainly very useful what you have developed. comfort is needed here. maybe i will keep finding out about this. many people still lay in this, let alone in my area. I really need more instructions. I have also joined your channel on discord. thanks for information sir. i always like you ..

this seems to me a very good discourse. I am very happy to hear this. I have never felt HF20. I hear it is very beneficial to the users. thanks for information sir. i like you

yesterday I saw your post against golos. as a developer you always pay attention to small fish. i will study this further. I am very glad you are always thinking about the convenience for the users of this incredible platform. in my steempeak is still very layman. but I will keep looking for information. i like you sir

Upvoted and i had @tytran upvote and i resteemed this is SO important

we NEED time locked steem accounts so people can be FORCED to save their money!

FORCE people to hodl with this system!

I don't understand this... my brain is too flat... but I beg for a vote on my latest song : https://steemit.com/openmic/@lasseehlers/30m5crgz

Thanks buddy for this post. Cool function you are talking about.

That would be great. Maybe steemit should have "experimental mode" with many optional function that you could turn on/off.

I hold a tiny fraction of what some of you cats hold and I would feel much better about having more security. A time lock 2FA is a brilliant idea. Coinbase as much as I dislike them have a 2FA SMS authenticator that you can elect to apply every time or 1 log in is good for 30 days.

No such thing as too much security. It's funny I didn't give much serious thought my PC security until I started HODLing cryptos.

Now guarding my coins like.....

Is there any 2fa security for steemit.. Every cryptocurrency side have these features
but i think in steemit this security is absent... @fyrstikken

what a nice post, thanks for making steem @ insurance policy,good share

Very good fantastico post friend, you give me a vote of support

Thanks for sharing this post..I appreciate your security ..Thanks my dear..

Coinbase I think is doing something like that and a second authorizer person for the nuclear button lol
I always log in with my posting key for withdrawal you need to enter your master key in steemit that’s another good security.

Thanks for Steem by @fyrstikken

Nice a good post .visit my blog when get free and vote me plzz

2FA or a second confiscated password isn’t a bad idea for functionalities.

2FA would be an excellent security addition.

On the 'what should we focus on besides SMTs' issue I might put together a few surveys of users to find out what users actually want.

For all the talk of 'community' as far as I can tell there's no attempt yet been made to systematically gauge user views. (Commenting on 'Road map' posts gives an idea but probably isn't representative.)

Ironically, as some other people are doing with their guides to steemit (eg @jerrybanfield and @paulag), such data gathering would need to be done off platform!

I'm also thinking of what methods I might use to assess why there's an 80-90% attrition rate.... how do I get a representative sample of those who've left?! That would also be informative.

Ironically again, I notice an SMT video is top of the trending pages ATM.!

PS - this was meant as a reply to the first comment thread above!

I am all for an added layer of security. For now I use Lastpass chrome extension with all my things including steemit.
Steemit however are for many a substantial part of their income or even net worth. Many are travellers or digital nomads and bring their laptops everywhere. Hopefully no one will fall victim of an attack.

Will follow along as this area with security is very interesting.

Excellent information, very nice post, thanks for sharing

I think great timelock function for steem account security, This is a very good way to make it more secure, we need something that is more secure in steem

An extra password for wallet related services will definitely be important. It will make one feel safe even when sleeping.

steemit is developing even individuals are attempting to have a record to join. as the quantity of clients is positively extremely helpful what you have created. comfort is required here. possibly I will continue getting some answers concerning this. numerous individuals still lay in this, let alone in my general vicinity. I truly require more directions. I have likewise joined your channel on disunity. a debt of gratitude is in order for data sir.

TimeLock coupled with our Steemify app to receive an instant notification of a powerdown on your account would be supersecure ..

I for one think this is a very good idea ... 2FA is everywhere and with holdings as large as yours (but as low as mine as well with current steemprice) would benefit greatly from the extra security

Perhaps the TimeLock could be a length of time chosen by the user itself even. Allowing for some flexibility.

Hi, @fyrstikken ... How are you.
Personally I would like to thank the security team who has tried to strengthen the defense in the central platform of defense and security of steemit, and also to Mr. @ fyrstikken who has raised this security article as important information to all of us.

Personal assets in the form of steam and steam dollars (sbd) is something that is very important to get extra protection because this property is the result of a business that has been done for months. Of course we can imagine how disappointed if our swallow looks zero, but that's not the content.

Security development, of course, is based on a convenience perspective. And every security development is always through a very mature review process that gave birth to modern civil defense system theories. The development of a defense system should be structured, systematic and periodic. The objective is to know the breakthrough theory (because they are doing the same), so they must start with new observations, and so on.

In my opinion, the standards of defense system development should include the integrity, base system, downstream and third parties such as telecommunication companies (they also have their own security systems). Fundamentally, 90% of system security occurs between the central security system and the account owner, I would say that the security system must be smart in deciding an action (the action must be done), if something happens to an account then the system center has a definite decision. So the center of the security system is not just as a comparator of authentic data between data stored in the central database with the data that has been delegated to the account owner, then a decision occurs. This means that the defense system is not limited to the understanding of the doorstop. You can see the fool of a bank defense system to this day, if there is a robbery then emergency signaling lights start up at the police station and the robbers know that. And third parties, they are used as an authentication bridge based on their own defense principles. Why 10%, because they are outside of the main defense system platform, and 10% of it anything can happen.

What I have described above is an intelligent artificial intelligence-based integral system. Do not preoccupy account owners who have low knowledge of technology interactions and are forced to follow your guidelines in high emotional stress because they are in big trouble. That is, the center of the defense system must be able to break any potential crime before the crime occurs (sorry I'm just talking philosophy here, not technical, that's your business). An interesting case and in my opinion very small, too small for a platform as big as blockchain. One day my friend (A) asked for help from another friend (B) to sell his steam. Si B approves the request, and the A knows what to do next. Then A does a 370 steem transfer to account B in bittrex, what's wrong ...? A does a 370 steem transfer using sbd memo. A very panicked because of the incident, the whole effort taken but in vain, steem does not come back again. The question is simple, is the system there sleeping or blind? ... or is it created?

So, Intelligence, maturity, wisdom, fast and precise, is the deepest instrument of a powerful modern defense system. And one more important point, the center of the defense system must be able to conduct feedback to criminals through direct information to the criminal police of Syber to catch the culprit.

Not bad copy idea Google authenticator but better will be if it too worked on mobile platforms (iOS, Android). Human don't wear or bear second notebook or pc in pocket. As a result, it not safely if all passwords will be stored in one devices.

good post, I like your post ..

I need your support please visit my blog https://steemit.com/@muliadi
if you like my post please give upvote, resteem &follow me.
thank you, keep on steemit

time to make it secure and easy as heaven ;)

That would be great!
I hate having to change keys every time I wanna transfer, etc....
lic.,regs., and ins. please...lol..

If it comes with a toggle for those not so worried, I'm in.

Isn't this what the savings wallet is supposed to do? If not, how is it different?

Good move. The rate of account theft on steemit is quite alarming and is a minus for potential investors and the likes

This is a great idea @fystikken I am very interested to see this happen.

This is a good idea

There is no value of time near Allah.

I really like your posts @fyrstikken.
I hope you can also post my posts.
I need your vote and support
https://busy.org/photography/@dekna/photography-in-my-life-with-dekna-hewan-kesayanganku-0dd5bff2b5b09

I do not oppose any updates that will bring us more security, so I'm 100 % positive to this suggestion! I would certainly feel even more safe going on vacation if I knew that no one could mess with my account even if they manage to break into my house, find my keys and access my account!

We are also feeling HF20 is overdue

Same. It's been ages since we got any new information about it, and I would love to see the HF20 features coming live soon.

This is such a great idea.

This is very important indeed and actually not that difficult to implement.
How can Steem OR SMT's be expected to get HUGE without this or a better upgrade?
You see very clearly these things and it is nice how simple and direct you put it.
***DUH!***