- Click Here to Open your Account
- use Account Model
- Sign-Up
Is BitShares going to have to learn the hard way to not allow users to choose their own password?
Please, please, please... to BitShares users who decide to use the account model: use machine-generated, high-entropy (256 bit) passwords. Otherwise you will get hacked. See this post for more information (although it is about Steem and steemit.com, the same concept applies to BitShares when using the account model rather than the wallet model to create an account.)
yup, this should work like steem/peerplays, how much work is it to implement?
Just curious, would you say that the loss of convenience with a random strong power is worth the extra security? I read the other post you linked and I understand how vulnerable weak passwords are when on the Steem blockchain, but do you think there is a middle point between accessibility and security?
Yes. 100% yes.
Yes, there is always a trade-off. But in this case, based on actual practical experience dealing with real world users, the trade-off seems clear to me. The choice basically comes down to one of the following two options:
I hadn't thought of #2, but now that you mention it, it makes sense. Perhaps education for the user is the key, but wouldn't you say that's a rather difficult task? Not everyone is willing to learn, for their own reasons, I guess.
It isn't very easy. But I think there are enough well designed tools (password manager services with automatic synchronization and convenient browser plugins) that make it not too difficult to use either. Education absolutely is key; and the guides and tools to help with that can likely always get better. But the biggest factor to teaching new users how to use these tools and why it is important to do so is motivation. With sufficient motivation I don't think learning these things is that big of a barrier.
That motivation comes in the form of money. Sure if the user is just dealing with data that they don't care much about (maybe they just don't value their privacy all that much) then the motivation isn't very strong to learn how to properly secure your account. But when we are talking about people protecting their hard earned money, that motivation shouldn't be that difficult to find.
That is one of the beautiful things about Steem. There is a financial incentive to motivate people to jump through various hoops to learn these new and difficult things that people in the blockchain space are forced to deal with (things like securing passwords / private keys and using cryptocurrency exchanges). If you want to actually get this money in a usable form to spend it on things you need like rent and food, you have to spend some time and effort to learn these new processes and tools. (But hey, you normally need to spend time and effort to earn money from your job anyway.) And when these things are learned once, it becomes easy to transfer those new skills to other applications/services in the blockchain space.
I see. Do you have a specific example of an app or tool that would make it easier to manage passwords? I definitely agree with the idea of motivation, and I think that's a great entry point when explaining to other people why difficult passwords are important.
I've seen various posts on Steem of people recommending various password managers that they like (you can try searching for those). My preferred password manager would probably not be ideal in this case because it doesn't have a browser plugin and automatic synchronization (but I am more techy so I don't mind giving up a little convenience for other things I value more such as using a free open source tool I can trust).
For regular users, they should probably use a tool that does the synchronization/backups automatically and has convenient browser plugins that will autofill their passwords for them. Some common options include 1Password and LastPass. But I can't really speak to how good these actually are since I don't personally use them.
I appreciate the suggestion regardless. Thanks for taking the time to answer all of my questions. ^^ You seem like a pretty savvy guy, I'll follow you. Thanks a lot for your help.
Passwords that are hard to remember are generally a bad idea. That way you need to have them written down somewhere and always carry them around, and that's not safe either.
What I've seen recommended is memorizing an arbitrary phrase made out of a string of words.
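Added example, not part of the thread: a sketch that puts numbers on the two options discussed above, the machine-generated 256-bit password and the memorized string of words. The Base58 alphabet and the 7776-word diceware list size are assumptions chosen for illustration, not something BitShares or Steem mandates.

```python
import math
import secrets

# Base58 alphabet (no 0, O, I, l); assumed here as the password character set.
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumption: a standard diceware word list with 6^5 entries.
DICEWARE_WORDS = 7776


def entropy_bits(symbols: int, alphabet_size: int) -> float:
    """Entropy of `symbols` independent, uniform picks from the alphabet."""
    return symbols * math.log2(alphabet_size)


def symbols_needed(target_bits: int, alphabet_size: int) -> int:
    """Smallest number of uniform picks that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits: int = 256, alphabet: str = BASE58) -> str:
    """Machine-generated password drawn from the OS CSPRNG via `secrets`."""
    n = symbols_needed(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def compare(target_bits: int = 256) -> dict:
    """Length each scheme needs for target_bits, plus a 4-word phrase's entropy."""
    return {
        "password_chars": symbols_needed(target_bits, len(BASE58)),
        "passphrase_words": symbols_needed(target_bits, DICEWARE_WORDS),
        "four_word_bits": round(entropy_bits(4, DICEWARE_WORDS), 1),
    }


if __name__ == "__main__":
    print(generate_password())
    print(compare())
```

The figures only hold when every character or word is picked uniformly at random by the machine; a phrase a person makes up carries far less entropy than the formula suggests.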