What if user would be able to import key from permission tab with user friendly QR codes?
Right now if you want to use mobile app like eSteem or Steepshot very first step after installing the app is extremely painful - you need to manually type generated very secure but extremely long and inconvenient password.
On boarding should be as easy as possible. Of course "Steem Login and Signing Service for Third-Party Applications " which is mentioned in Steemit 2017 Roadmap should solve this problem, but it is planned for Q3.
In the meantime something simpler could be build and integrated with steemit permission tab:
Blue QR for public keys:
Red QR for private keys:
!Possible integration:
(posting key used in this example is not real ;))
Conclusion
In recent years applications like Snapchat have popularised the usage of QR codes. They are simple, fun and powerful. We should make sure that developers of 3rd-party applications can onboard steem users in their apps easily.
So far this is just an idea, but I am very curious what you think about that. Also... I would like to know what developers of mobile apps build on top of Steem network are thinking about this idea: (CC: @good-karma, @pmartynov, @vitality, @anch, @korzunav, @kirill.volkov, @nikitz)
If you like this idea, please leave your feedback. Consider following this account ( @noisy2 ) or my main account ( @noisy ) - or both :)
Cheers!
Always good to have new tools that will simplify the onboarding process. I'm confidence that as we move new user will join easily.
We are actively working on SteemConnect, which as you noted is due by Q3.
The point of building that is to prevent apps from handling private keys in general. Too many services have handled user keys or held user funds and been compromised, so we want to avoid building features that encourage that usage.
That said, for just a posting key, and just for a few months until SteemConnect 2 launches, I think a QR is a good temporary measure (as long as anyone using it to import keys promises to switch over to using SteemConnect when it's ready). I'll see about getting this implemented.
Will non-Javascript apps be able to use SteemConnect 2? Is it going to support fork-chains, like Golos?
This very idea was brought up one of the beyond bitcoin hangouts that I have joined. It is quite easy to implement this, but it comes down to security. And you have to open steemit wallet to scan QR image? It is more steps than just copy pasting your password, isn't it?! And how about if user doesn't know about steemit. I would love to explore/brainstorm the possibilities until we find best way, security wise and usage wise.
You mean copy from your laptop and paste to your mobile phone? Also what particular security issues do you mean?
If you have your private key saved on your mobile, it is just copy and paste. Even that is not considered secure, but that's another subject. What I am particularly worried is to get QR images... If steemit will enable it back that's great, it might help to easily connect your app with steem account. But if user starts to generate QR images themselves using 3rd party services then that's a problem.
Yes, but you have to save it on your mobile first. If you used you laptop to register an account on Steem, then you have to manually type your posting key on your mobile device. Emailing or messaging it to yourself just doesn't look secure enough to me.
It would be great if Steemit could just re-enable QR codes in steemit.com, so that there's no need for a user to type in the key to store it on a mobile phone.
If you consider replying to the users that comment on your posts it would be awesome.
Done :) Thank you for a reminder.
Typing the posting key manually is super confusing and annoys a lot of people. QR code representation of keys might push the login process for mobile apps to a new level.
I'll think about possible ways of implementing this, thanks for your idea!
Looks like that's already been implemented in condenser.
@jcalfee, any specific reason why these lines of code are still commented out?
You were able to and perhaps you still can. I saw this feature in steemit.com months ago but I don't know undrr what circumstances it is enabled or if the feature was removed. A command line qr generator means I can move secrets from my pc to tablet without going through the Internet.