Increase STEEMIT Security (OTP)

in #steemit, 7 years ago

Steemit is a great platform and it is shining brighter and brighter day by day. It has one of the coolest and most helpful communities in the entire crypto world. But one of the downsides of STEEMIT is the security. If a person has mistakenly received somebody's master key then he/she can do anything with that account. I think there must be a better way to maintain security on Steemit. I agree that SteemConnect V2 has greatly improved the overall experience and security when accessing third-party services, but there is something missing, and I think there must be more than one step of verification while using the master key or active key.


OTP Verification

My idea to increase the security of the platform is to implement OTP based on the email and phone number that a user has provided, and it must be a mandatory field. So if a user uses their Master Key or Active Key anywhere related to Steemit, then after verification of the key there must be a middleware in between, which would be the OTP (phone or mail or both), and after verification of the OTP the user's operation will be performed. However, if a user is using the Posting Key then the OTP can be skipped based on the user's preference.

It is not going to take much of a development effort but it is going to make the platform a lot more secure. In this way a user will feel more secure and won't have to be so conscious all the time about the master key.


SMTs and HF20 are going to be a boom for Steemit and there are going to be a lot of users on the platform, so there is a need to make our platform a little bit more secure so that we can serve the incoming users in a better and more fulfilling way.


Let me know what you guys think about the same...

Regards

@funnyman


I know the opinion of the Steem devs is that 2FA is overkill, but it really is a good idea to allow the option at this point.

SteemConnect is great, but logging in is still not secure if your PC is compromised.

I'd really like additional security measures as well.

Likewise... Thanks for the support :)

Agreed! Got my vote on this one!

It's not possible. The keys give direct access on a blockchain level, there's no way to include a middleman service.

Okay. I am not into the crypto development stuff, but if we can't add the OTP after the key verification then let's add it before the key verification. A key will only be verified if the OTP verification is completed. Is it feasible?

No. That'd still require a middleman service to verify. It could be done on a single site, i.e. steemit.com, but other sites and services (busy, dtube, dlive, steemdice ...) would still work without that additional verification.

I am getting your point now. But I guess we should definitely look forward to its implementation even if it is required to be implemented on multiple platforms. More efficiently, we can create an OTP module for it that can be imported for its implementation. I am not saying to implement it now, but this would be a huge add-on to the platform's security.

Let me refer to my first reply:

It is not possible.

Steemit Inc. may have phone numbers and/or email addresses of some users, but only for accounts that were created by them. Nobody else has them.

And even if it were implemented on all the front ends, the blockchain will always allow full access with the keys.

Oh OK, my bad. I get it now.

This feature will be too good. I have already written a post similar to this.

I am more inclined toward a hardware wallet.
But I like your security model with OTP.
