Image source
Hey guys, we're all invested in Steem and want it to succeed, so it's time to ask why Steemit still doesn't offer industry-standard protection tools.
Yes, the current passwords are difficult to brute hack, but that is not enough. The best official explanation I found for why we still don't have 2FA is from this blog post two years ago (after the last hack):
It has been repeatedly stated that we should offer multi-factor authentication for transactions. This would require our servers to co-sign every transaction. This is inconvenient for normal use and usually considered overkill for a social media platform.
This is not a sufficient answer anymore. @ned seems wholly focused on Smart Media Tokens, and I am excited about what they will bring, but implementing 2FA is surely more important than SMTs for users who have invested in the platform.
The same blog post hints that "Power Users" should know how to better protect their funds:
Power Users will be able to login with their posting and/or active private keys directly. If you know how to do this then we will presume you know how to keep things secure. Steem is an open platform, power users will have access to tools for more powerful key management. Steemit is our interface that we are targeting at the masses.
Again, this is not a sufficient stance anymore. This cryptic statement hints that whales have more protection tools, but what about the rest of us? To attract more users Steem needs to better introduce them to the platform. And that begins with security.
Perhaps creating server-side checks will introduce new risks. But at the very least we should have a conversation about the pros and cons. As this site is effectively our wallet (if you hold Steem Power), 2FA and perhaps email-based verification seems like a minimum for ensuring security.
It was OK two years ago when Steem was just a scrappy startup trying to get by, but now it's a bigger organization with 40 full-time employees that is worth almost a billion dollars. We all want it to succeed, which is why I'm raising this now.
Please get this post more visibility so we get an official response about the security policy. The more popular a platform becomes, the more hackers it attracts. Let's be active before all our money is gone. Thanks!
sorry I missed the payout on this post, it was worth more than my few cent upvote anyway! There are problems with hackers.
I am running an experiment here on steemit with the aim of improving retention and the steemit experience and after looking at your account I think it is something you might enjoy. come on over and join in on the discussion
https://steemit.com/steemit/@paulag/let-s-grow-steemit-together-direct-engagement-experiment-week-1
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Congratulations @footwork! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Do not miss the last post from @steemitboard:
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Your level lowered and you are now a Red Fish!
Do not miss the last post from @steemitboard:
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Congratulations @footwork! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Do not miss the last post from @steemitboard:
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit