You are viewing a single comment's thread from:

RE: Passwords are a Problem!

in #steemit8 years ago

U2F is great, except it's beyond useless for sites like Steemit.

It would have to be used as nothing more than a part of 2FA, since your password on Steemit is actually used to generate the private keys, i.e. posting, active, memo, owner.

For U2F to work, Steemit would have to be holding your private keys, in plain text. U2F works by sending the Yubikey public key to the server. The server sends some text to the key to sign, and then when the Yubikey sends it back to the server signed, the server knows that the Yubikey is legitimate.

8 years ago in #steemit by
$0.02
  • Past Payouts $0.02, 0.00 TRX
  • - Author $0.02, 0.00 TRX
  • - Curators $0.01, 0.00 TRX
1 vote
Reply 2
Sort:  
  • Trending
    • [-]
     8 years ago 

    Perhaps it needs to be a customized device then. In principle all that is required is that the device signs the transactions without exposing the private key.

    [-]
     8 years ago 

    Yeah, something like a TREZOR or KeepKey could probably be adapted to storing STEEM keys.

    Alternatively I believe you could get a normal Yubikey and write your long password to the memory bank, so when you put the button, it enters your master password.

    $0.00
      Reply

      Coin Marketplace

      STEEM 0.18
      TRX 0.16
      JST 0.029
      BTC 63004.21
      ETH 2441.89
      USDT 1.00
      SBD 2.68