[Steemit] Secured PDF with private keys and instructions
Repository
https://github.com/steemit/condenser
Issue: https://github.com/steemit/condenser/issues/3311
Components
- Steemit.com condenser private keys and instructions download
Proposal Description
There were many users who were using the master password for daily uses, which is obviously quite dangerous. So steemit.com recently blocked the use of master password for login and then provide the download of a PDF with all the private keys (and some instructions).
I absolutely agree with the general idea, BUT the PDF isn't password protected! Moreover, it has the same naming convention, "username_steem_keys.pdf."
Well, if I'm a hacker, the first job that I want to do is searching files with the name with "steem_keys.pdf."
I strongly believe that a first-time user expect that the link works this way. Once downloaded, it may have already uploaded to a cloud without a protection. And most novice users (who's using master password for login) may even forget to delete or protect the PDF.
This makes users more vulnerable.
The PDF should be password protected.
Mockups / Examples
Well, I believe the only secured PDF should be provided, but if users take a risk, the current unprotected version may also be provided, as shown in the above.
The default password can be set to be the master password, or it may be better to give users to set their own password for the PDF.
Implementation Details
Currently, jspdf is used for the PDF creation, but this library doesn't support secured PDF.
I found one library for the secured PDF creation:
For instance, jsreport-pdf-password:
https://www.npmjs.com/package/jsreport-pdf-password
Benefits
- Security. What's more important? I don't think more detailed explanation is needed. Currently, in some sense, it makes more insecure to make it secure.
GitHub Account
https://github.com/economicstudio
Some of my contributions have been mentioned in steemitblog's posts:
Thank you for contributing @blockchainstudio!
I don't think any user will be willing to take such risk. When I first downloaded my steem keys, the first thing that struck my mind was that the PDF should have some security.
I am glad you took time to write a contribution on this issue and I hope Steemit will provide users a password protected PDF with keys in near future.
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Chat with us on Discord.
[utopian-moderator]
Thank you for your review, @syedumair! Keep up the good work!
!dramatoken
이런 문제점이 있었다뇨~ 친구가 새로 가입했는데 아직 로그인을 못하고 있는 이유가 이거 때문인거같아요
네 처음에는 마스터패스워드로 로그인하면 경고만 띄우고 그래도 원하면 로그인이 되게 해주었는데 언젠가부터 아예 로그인을 못하게 바뀌었죠. 생각해보면 일반유저에겐 이런 부분도 정말 어려울 것 같네요. pdf로 다운하면 그도 그대로 잘관리안하면 더 위험한건데ㅠㅠ
!dramatoken
하시는 일이 드라마틱해서 ㅋ 드랍합니다.
드라마토큰이다 보니 다 드라마틱!!
오 감사합니다^^ 이거 안그래도 한번 알아봐야겠네요 대충은 이해했는데 정확히 어떻게 동작하는건지.
diana01님의 A SUGGESTION FOR STEEMIT TO READJUST THE DOWNVOTE BUTTON
!dramatoken
zorba님의 [2019/5/5] 가장 빠른 해외 소식! 해외 스티미언 소모임 회원들의 글을 소개해드립니다.
You're upping the drama to new levels! Have a DRAMA.
To view or trade
DRAMAgo to steem-engine.com.You've got
DRAMA!To view or trade
DRAMAgo to steem-engine.com.zorba님의 [2019/5/4] 가장 빠른 해외 소식! 해외 스티미언 소모임 회원들의 글을 소개해드립니다.
gomdory님의 곰돌이 일기장 5월 6일 - 구조비용^^ $50 돌파 댓글구출 4400개 돌파! + 명성도버그