Account Security Homework: Authorized Apps
Dlive is no longer using the Steem Blockchain yet they still have many authorized posting privileges from steemians. Add in all of those DApps that people test out, yet never use people might be surprised how many accounts could maliciously act on your behalf as they still have Active Authorization Tokens. Most will only have Posting Privileges, but this is enough to harm your account.
While I had a different post in mind the comment below in @steemcleaners's discord today made me change my planned post to this one. As account security is of utmost importance and this is timely it made sense to make this a priority so please take a minute to read this and ACT NOW.
Comment in Steem Cleaners Discord on March 2nd
I'm guessing many people don't realize that if you give authorization to a dApp that until you revoke that token the authorization is still there. It's your job to protect your account and part of that is removing authorization to accounts you aren't actively using.
So it's time to do a little housecleaning....but how? Thanks to SteemConnect which most of us use to log into dApps it's actually very simple to take care of removing the Authorization Tokens.
Go to SteemConnect and log in on this page: https://app.steemconnect.com/apps/authorized
You will get a screen that looks like this:
Click "Authorized Apps" and you will get a screen showing you all of the apps you have given authorization too. Our list isn't to bad, but I'm cleaning it down to the couple that are used on a regular basis.
Part of my logic as I cleaned house was on an account like dPoll which I use to vote in polls, but there is no reason to leave that token in place so I will be deleting it. Next time I vote it will require me authorizing them again, but until then our account will have no risk.
An account like Steem Auto needs to be left alone as I need them to make some auto votes for me on a daily basis.
And with it cleaned up there are only 3 dApps I need to worry about getting hacked that have any access to @pifc.
I will likely remove Steem Dunk as it seems that Steem Auto has stayed up and working correctly for a while now. Was using SteemDunk before since it was more reliable, but lately there haven't been issues with either so no reason to have both running.
Anyways that is it. Very simple way to protect your account. Please comment below and let us know how many Authorization Tokens you got rid of.
I was looking for exactly how to deauthorise Steem Connect Apps and couldn't work it out.
So thanks for this. I have deauthorised dlive.
Glad to help
¡Hola @pifc! Gracias por la información y el enlace, tambien limpiare mi cuenta, un abrazo.
Pretty great idea to clean this up! Thank you for the reminder. Mine is a mess.
Thanks for this. Also resteemed
Posted using Partiko Android
Great idea to protect stakeholders from bad actors which are ways around taking advantage of the rest!
Posted using Partiko iOS
Steemdunk is a safe one right @pifc? Because I use it as my auto-vote services and I just need to wait for a couple mire time😉 to use the premium services (need few more SBD😊) but.. why do I think that using steembasicincome to support others is best than auto-vote services?
Steem Auto is free even when you are following more people. SteemDunk is safe, but with it's cap on how many people isn't the best option IMO.
This post has been included in the latest edition of SoS Daily News - a digest of all the latest news on the Steem blockchain.
Thank you for sharing the post. Hope more people see it so they take steps to protect their accounts.
Folks, I will suggest to use only dapps that use Steem keychain for authorization. Your keys and access should always belong to you and any transaction without the owners consent should be prohibited.
Posted using Partiko Android
I am pretty sure that there is absolutely no difference in the authorization tokens with keychain. That is the entire idea behind both SteemConnect and keychain. In both cases the key owner is the one that has the actual passwords, but you are giving authorization. Never of them remove the authorization for you when you leave the site. So Keychain and SteemConnect are equally as safe in these terms.
SteemConnest has a much longer track record of proving it's safe, but I fully trust Keychain also. Just not a fan of Chrome.
It's available on FF too now!
Posted using Partiko Android
I missed that, thanks for the info. I will have to test it.
I had never heard of SteemDunk. What are the advantages over SteemAuto?
No advantage really. It was the first one I used and just didn't get rid of it. It's purely an automated upvote service so you don't get the trails and other advantages of steemauto. But, when Steem Auto decided not to get their shit in order after the last hard fork and left people hanging for days on end, plus a few other times they did the same, steemdunk was back up and running nearly instantly. Haven't noticed issues with steemauto for a while now so they seem to be much more reliable now.
Yes, it works well. But the interface could be improved a lot and I don't see them working on it, at all. For example, I'd like to reorder the list of people I follow...
Hi @pifc!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 3.703 which ranks you at #5325 across all Steem accounts.
Your rank has dropped 1 places in the last three days (old rank 5324).
In our last Algorithmic Curation Round, consisting of 197 contributions, your post is ranked at #50.
Evaluation of your UA score:
Feel free to join our @steem-ua Discord server