You are viewing a single comment's thread from:
RE: Steemit's Security Values & How Steem Keychain Can Help
A website whitelisted to use active authority by a user could, if falling into wrong hands :
- Instantly steal all of the user's liquid assets
- Broadcast an account update that would change the private keys and therefore take control of the account
- Initiate power down, etc.
I think the tradeoff between security and convenience is too big here, thats why we only authorize listing for actions requiring posting authority, since they don t have a direct impact on stake.
I agree and they are all valid concerns. But you can still offer user the ability to decide whether they are willing to go for the tradeoff or not. Maybe the whitelisting process can be more hidden in the setting or put up a significant warning sign in the whitelist page for active authority. Option are tons.