Over the past years I've heard the keyword "mainstream adoption" a lot, but a key requirement for that has always been missing from Steem: What Steem needs desperately is a solution for easy sign up and login like conventional social media offer. Private keys are great for crypto-enthusiasts, but not for the daily use by average users, especially not for those who don't use a password manager.

The solution I propose is a much more advanced version of Steemconnect, similar to what I developed for @travelfeed, but a bit more advanced and with a public API:

• A centralised service operated by a trustworthy party such as Steemit Inc. would provide an oauth API for dApps like steemit.com to implement.
• Users could register/login to this service with email+password (and optional 2fa) or social logins (Google/Facebook/..).
• Users would be required to link their Steem account by giving posting authority to this service once (automatically for newly created accounts, one-time transaction requiring the active key for existing accounts).
• Similar to how Steemconnect operates, after a user logs in, a token is passed to the dApp that can be used by the app to broadcast transactions to the service on behalf of the user. The service broadcasts them to the blockchain using the posting authority.
• Now users could login to any Steem dApp supporting this login option with the login method they previously set up (email+password or social logins). No private posting key needed!
• Private keys would only be required for transaction requiring non-posting permissions, such as transfers or witness voting.
• In case the service was compromised, funds would be safu since the posting authority can only sign a limited number of transaction types such as posts/comments, votes and custom_json's.
• For new users, this service would also offer sign-ups. By requiring additional profile information from social logins, verification would be done instantly for trustworthy users and they would instantly receive a free Steem account linked to their social login(s). They would still be required to store their keys securely, but they would not need the posting key when logging in to apps through this service. If the trustworthiness of a user cannot be verified automatically or the user chooses to not provide additional profile information, there would be a wait time as it is currently.

The option to use private keys without granting posting-authority for full control should still remain for crypto enthusiasts.