You are viewing a single comment's thread from:
RE: Steemit to Update Password Policy
Here is a low tech way to choose a good password from Steve Gibson. He also has a random password generator.
https://www.grc.com/ppp.htm
https://www.grc.com/passwords.htm
I never had a problem with passwords. I use long passwords by default. The issue here is most people aren't like me so we need a simple way to generate passwords. So now you're putting the responsibility into the hands of Steemit and how will we know their random number generator is truly random?
I understand this is a difficult problem but I would like to request an expert mode to bypass this for people who know what they are doing. I would also like to know more about the random number generator Steemit will be using and the sources of entropy. If they use a pseudo random number generator then that might not be good enough, but if they get entropy from random keystrokes and mouse movements that might be slightly better and I'm guessing that is how they will do it.
I just use a bitcoin private key that holds no balance... copy and paste to log in
Interesting. Does the Trezor password manager do something similar to that?
I currently do a few one-way hashes.
Trezor password manager is cool but it's not perfect. I've seen better options which Steemit could implement such as Clef. I suggest the Steemit development team implement support for Clef along with these improvements. SQRL is also a good alternative. The ideal is to move away from passwords once and for all and instead move onto "something they have" vs "something they know".
References
https://getclef.com/
https://getclef.com/security/
https://getclef.com/developer/
https://www.grc.com/sqrl/sqrl.htm
https://docs.getclef.com/docs/integration-guidelines
That looks like it requires a mobile phone to sign in to a desktop app. How do you sign in to a mobile app?