RE: Offline Attack on Steem User Credentials


in steem •  9 years ago 

That's pretty terrifying, and it's a good job that you posted this... It hadn't occurred to me that of course hashed passwords are going to be freely available offline, because in using a web UI you're used to the assumptions of a traditional web model.

Good on you (assuming you did what you said) for just reassigning back to Steemit. Sounds like we do really need 2FA or generated-only passwords... It's a shame that browser tooling around SSL client certs is so user-unfriendly; having a client cert as a per-browser alternative to the generated password would be a good way of removing the usability barrier. Users would obviously still have to store their password, but they could use the installed client cert for day-to-day auth and just use the password for requesting new certs for new devices.
