Users should not be required to use their Active key more than once per site

in #utopian-io, 6 years ago

Users of sites that authenticate with SteemConnect must expose their active keys on the client they use to connect to SteemConnect

Firstly, after a year of being on the platform and reading dozens of articles by people like @pfunk talking about the virtues of Steem's four-key system and how using the posting key when posting is all you are going to do is a secure way of doing things, I am dismayed by having to log into the new version of SteemConnect with my active key.

Secondly, I get it. The active key is necessary for SteemConnect to give posting permission to the app you are using. SteemConnect is developed by good guys and managed with good guys at Steemit.com. They are going to do the right thing and keep the keys in your browser. So, if you use steemit.com for using steem money, there is no reason you shouldn't trust steemconnect for the same purpose. SteemConnect will do powerful things, yes I know.

If, wherever I log on to a service that uses SteemConnect for key management, I need to paste in my active key, I will have to refrain from using these sites on all but the most secure machines. When SteemConnect adds Utopian to the posting authority of my account, it's permanent and it is not done again for Utopian.

Some people do not take their computers with them and use cyber cafés to do their blogging. It's a real plus that you can log in with your posting key on steemit.com. If somehow the user loses control of that key, the worst that could happen is people vandalize or flag under your account. If a blogging site uses v2 of SteemConnect, travel bloggers would have to use their active keys to blog from cyber cafés.

In summary, although adding the posting permission requires at least an active key, subsequent logins for authentication have no technical need for such a powerful key, and where the site is something like Utopian.io, a posting key is certainly enough.

@ocd @originalworks @minnowsupport @steemvote @dse @steemero @markboss @steemvote @steemit @fairvote @monitorcap @minnowsunite @steemspeak

See Also:
https://steemit.com/steemit-guides/@pfunk/how-to-login-with-your-posting-key-and-why-this-is-important and
https://steemit.com/steemit-guides/@pfunk/a-user-s-guide-to-the-different-steem-keys-or-passwords both by @pfunk.
https://steemit.com/security/@noisy/public-and-private-keys-how-they-are-used-by-steem-making-all-of-these-possible-you-can-find-answer-here by @noisy
https://steemit.com/steemit/@steemitguide/a-complete-guide-on-steemit-permission-keys-posting-owner-active-memo-digital-passwords-with-unique-functionality-that-allows by @steemitguide






Posted on Utopian.io - Rewarding Open Source Contributors
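
The post's central claim, that the active key is needed only for the one-time grant of posting authority to an app and not for later logins or posts, shown as an added example (not code from the post, from SteemConnect or from Steem). It is a simplified offline model: the account names, key labels and the `grant_posting_to` parameter are hypothetical, possession of a key label stands in for a signature, and only the minimum role per operation is modeled.

```python
# Simplified offline model of Steem account authorities; all names and keys are constructed.
REQUIRED_ROLE = {"vote": "posting", "comment": "posting",
                 "transfer": "active", "account_update": "active"}

def new_account(name):
    # Text labels stand in for public keys; a "signature" is just possession of a label.
    def auth(role):
        return {"weight_threshold": 1, "key_auths": {f"{name}-{role}-pub": 1},
                "account_auths": {}}
    return {"posting": auth("posting"), "active": auth("active")}

def satisfied(accounts, name, role, signer_keys, depth=0):
    """True if signer_keys reach the weight threshold of name's `role` authority."""
    auth = accounts[name][role]
    total = sum(w for k, w in auth["key_auths"].items() if k in signer_keys)
    if depth < 2:  # follow delegation to other accounts, with a bounded depth
        total += sum(w for a, w in auth["account_auths"].items()
                     if a in accounts and satisfied(accounts, a, role, signer_keys, depth + 1))
    return total >= auth["weight_threshold"]

def apply_op(accounts, op, name, signer_keys, grant_posting_to=None):
    """Accept op on `name` only if the signers satisfy the role that op requires."""
    if not satisfied(accounts, name, REQUIRED_ROLE[op], signer_keys):
        return False
    if op == "account_update" and grant_posting_to:  # hypothetical parameter
        accounts[name]["posting"]["account_auths"][grant_posting_to] = 1
    return True

def demo():
    accounts = {"alice": new_account("alice"), "example-app": new_account("example-app")}
    app, posting, active = ({"example-app-posting-pub"}, {"alice-posting-pub"},
                            {"alice-active-pub"})
    return [
        apply_op(accounts, "comment", "alice", app),          # no grant yet: rejected
        apply_op(accounts, "account_update", "alice", posting,
                 grant_posting_to="example-app"),             # posting key cannot grant
        apply_op(accounts, "account_update", "alice", active,
                 grant_posting_to="example-app"),             # one-time grant with active
        apply_op(accounts, "comment", "alice", app),          # app now posts for alice
        apply_op(accounts, "transfer", "alice", app),         # app still cannot move funds
        satisfied(accounts, "alice", "posting", posting),     # posting key proves control
    ]

if __name__ == "__main__":
    print(demo())
```

The last entry is the login case: a site that only needs to confirm who the user is can check the posting authority, so the active key never has to be typed on that machine.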


Besides any security issues, it is annoying to have to dig out the "paper" key. There must be some type of work around here. I am not a developer but I am tempted to look at some code and get to work!

Good. If you are not a coder, you can always do advocacy which is what I did here. Blog about why the requirement of an active key for logins is such a bad thing. Or save yourself work and resteem my post. :)
You need to get the devs interested in what you want done anyway or your perfect patch might not get accepted. Advocacy is like the second step of coding. The first step being searching to see if your project already exists.

I liked this post

Your contribution cannot be approved as we already received a similar contribution (Link).
Note: Please kindly take note of this in your next contribution. You must not directly mention any account. Also, you must not use banners at the end of your contribution as they are irrelevant. Thank you.
You can contact us on Discord.
[utopian-moderator]
