I Wish Steemit Had Google Authenticator + Account Linking Tools to Secure Accounts

in #steemit, 6 years ago (edited)


Hey guys! One thing I'm always paranoid about is getting hacked or losing my account, so I try my best to protect and remember my keys. However, this paranoia still remains no matter how secure I try to be. Then I thought to myself, why am I so worried about Steemit when I have more funds on exchanges like Binance? I realised it's because if someone has my password, I'm FUCKED and if I lose my own password, I'm equally fucked!

Helping Adoption

This paragraph might seem a bit out of place, because it is! I had it at the bottom but moved it to the top. If some of these references make no sense, just read ahead and come back at the end!

Having these measures could help adoption, as the average person would probably prefer these OPTIONS (not mandatory). To John Smith, having all your money on an account that could be hacked due to your own carelessness is not ideal. Furthermore, having your money on an account where losing your password means your money is gone too is not ideal. These are some flaws of decentralisation, but we CAN counter them.

With 2FA, your accounts will virtually be unhackable, and phishing would be impossible given you have 2FA activated. By linking your account with another trusted account, your account can be returned to you even without your initial password, so it's alright if you lose it! But the 7-day lock-out period would disincentivise people from losing their password and also prevent people from pretending to have lost their password to hack someone else's account. This will help mainstream adoption and current users' peace of mind, as it essentially makes it impossible for people to lose their funds!

Google Authenticator

I wish the Steem blockchain had an option to enable it. That would help ease my paranoia tenfold!

To developers out there, is there some way to do this? It doesn't have to be Google Authenticator; maybe a built-in Steem one that works on the Steem blockchain and that you can download onto your phone? I'm not sure, since I'm not a developer and honestly quite technologically illiterate despite studying computer science (first year!).

When Would You Need to Enter the Code?

Well, why don't we let the users decide! There can be a few options that could require Google Authenticator and users can select whether they want it enabled, for example:

  • Changing the master password
  • Withdrawing funds over (user set limit)
  • Posting
  • Upvoting
  • Not limited to these 4

In my opinion, it'd mainly be the first two as it could cause irreversible damage and using a Google Authenticator for posting/upvoting is a bit excessive/useless. I feel like this would give me peace of mind that my account is protected twice, thus impossible to hack!

This would also combat phishing attempts as even if scammers have my password, they can't move my funds nor change my master password without having my phone!
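The per-operation opt-in described in this section, as an added example that is not part of the original post and is not Steem or Steemit code. It implements the standard TOTP algorithm (RFC 6238, the scheme Google Authenticator uses); the `Account` class, the operation names and the withdrawal threshold are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret_b32, now, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 and dynamic truncation (RFC 4226)."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(now) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical account record holding the user's 2FA choices."""
    def __init__(self, secret_b32, protected, withdraw_limit):
        self.secret = secret_b32
        self.protected = set(protected)       # operations the user opted in
        self.withdraw_limit = withdraw_limit  # user-set threshold
        self.last_step = -1                   # last accepted time step

    def needs_code(self, op, amount=0.0):
        if op == "withdraw":
            return "withdraw" in self.protected and amount > self.withdraw_limit
        return op in self.protected

    def authorize(self, op, now, code=None, amount=0.0):
        if not self.needs_code(op, amount):
            return True
        if code is None:
            return False
        current = int(now) // STEP
        # Accept the current step and the previous one to tolerate clock drift.
        for step in (current, current - 1):
            expected = totp(self.secret, step * STEP)
            # A step is accepted once only, so a captured code cannot be reused.
            if step > self.last_step and hmac.compare_digest(expected, code):
                self.last_step = step
                return True
        return False
```

The `last_step` check matters because a TOTP code stays valid for its whole time window; without it, the same six digits would authorize a second protected operation.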

Linking Accounts

This is a new idea I'm quite proud of, conceived halfway through writing this post. Steemit accounts should be given the option to link their account with one or more other accounts. What do I mean?

  1. Nominate a trusted account from your account
  2. That account will have to accept the nomination
  3. This means your account is connected (one way) to your trusted account
  4. Nominate an email address; this is where your reset token will appear

What does this mean?

Suppose you forget your password, or the piece of paper it was on got burnt, or the computer you stored it on got exploded. You're fucked!

Now let's say you're not!

You enter your username, select "forgot password" and you'll have the option to send your nominated trusted account(s) a notification. If one of them (just one) accepts that you lost your password, your account will be white-locked for 7 days. This means you can still do anything you want on your account provided you log in, but as soon as you have any activity, the 7-day lockout will end and you won't be able to receive your reset password. Some people have auto votes and auto reward claims set up, so you will have the option to allow these actions to happen during the white-lock if you wish.

If your white-lock is successful, after 7 days you'll receive a new password in your email address and you will be able to use your account as usual!
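The recovery flow described above, written out as a small state machine. This is an added example, not part of the original post and not Steem or Steemit code; the class, state and action names are assumptions, and sending the reset e-mail is reduced to a state change.

```python
from dataclasses import dataclass, field

LOCK_SECONDS = 7 * 24 * 3600  # the 7-day white-lock from the post

@dataclass
class Recovery:
    """Hypothetical per-account recovery record."""
    trustees: set = field(default_factory=set)             # accepted nominations
    allowed_during_lock: set = field(default_factory=set)  # e.g. auto votes
    state: str = "idle"  # idle -> requested -> white_locked -> reset_sent
    lock_started: float = 0.0

    def request(self):
        """Someone enters the username and chooses 'forgot password'."""
        if self.state == "idle":
            self.state = "requested"

    def approve(self, trustee, now):
        """One trusted account confirming is enough to start the white-lock."""
        if self.state == "requested" and trustee in self.trustees:
            self.state, self.lock_started = "white_locked", now
            return True
        return False

    def activity(self, action):
        """Activity from the logged-in owner ends the lock, unless the owner
        whitelisted that action (auto votes, auto reward claims)."""
        if self.state == "white_locked" and action not in self.allowed_during_lock:
            self.state = "idle"
            return "cancelled"
        return "ok"

    def tick(self, now):
        """Called periodically; releases the reset only after 7 quiet days."""
        if self.state == "white_locked" and now - self.lock_started >= LOCK_SECONDS:
            self.state = "reset_sent"  # new password goes to the nominated e-mail
            return True
        return False
```

The cancel-on-activity branch is what makes a false "I lost my password" claim fail: the real owner, who still has the password, only has to use the account once during the 7 days.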

Suggestions and Discussions

If you liked this idea, please help resteem it so maybe an actual dev will be able to see it! If these ideas aren't possible, you have better ideas or there's anything you'd like to discuss, feel free to talk about it below!!

Thanks for reading!

A bit of shameless promotion below ;)

Want to be in the draw to win FREE STEEM EVERY WEEK? Click here for more information!

Want 20-25% ROI on selling votes and be in the running to win 90% of my referral money per week?

Join SmartSteem using this link, and every time I reach 1 SBD in earnings, I'll distribute 90% of my earnings to one lucky winner!


I wish that too, life will be so much easier.
You did a very thoughtful post

Why not just back up your password to your email and maybe a notepad app?
2FA sometimes fails.
What if it doesn't sync right or the 2FA app gets a bug like it happened with WinAuth, wouldn't that be a worse fate?
What if you lose that number?
I like the current setup. It's easier and even newbies can easily understand how things work.
A lot of people aren't so good with technology. So less complications are better.

The idea of linking accounts... Don't think it's advisable, as you never know when someone might change.

The security of our accounts is always important, but in a matter of money it is critical, because the money of others has always had a large number of friends. "Friends of the alien", the kind of friends that nobody wants to have.
