Hey guys! This is a repost of an article I posted more than a week ago. I plan to keep reposting this weekly to raise awareness until I get some sort of official response! I feel like these ideas have great potential and could be very useful in our ecosystem.
One thing I'm always paranoid about is getting hacked or losing my account, so I try my best to protect and remember my keys. However, this paranoia still remains no matter how secure I try to be. Then I thought to myself, why am I so worried about Steemit when I have more funds on exchanges like Binance? I realised it's because if someone has my password, I'm FUCKED and if I lose my own password, I'm equally fucked!
Helping Adoption
This paragraph might seem a bit out of place, because it is! I had it at the bottom but moved it to the top. If some of these references make no sense, just read ahead and come back at the end!
Having these measures could help adoption as the average person would probably prefer these OPTIONS (not mandatory). To John Smith, having all your money on an account that could be hacked due to your own carelessness is not ideal. Furthermore, having your money on an account where if you lose your password, your money is also similarly gone is not ideal. These are some flaws of decentralisation, but we CAN counter it.
With 2FA, your accounts will be virtually unhackable, and phishing would be impossible given you have 2FA activated. By linking your account with another trusted account, your account can be returned to you even without your initial password, so it's alright if you lose it! But the 7 day lock-out period would disincentivise people from losing their password and also prevent people pretending to have lost their password to hack someone else's account. This will help mainstream adoption and current users' ease of mind as it essentially makes it impossible for people to lose their funds!
Google Authenticator
I wish the Steem blockchain had an option to enable it. That would help ease my paranoia tenfold!
To developers out there, is there some way to do this? It doesn't have to be Google Authenticator, maybe an in-built Steem one that works on the Steem blockchain that you can download onto your phone? I'm not sure since I'm not a developer and honestly quite technologically illiterate despite studying computer science (first year!).
When Would You Need to Enter the Code?
Well, why don't we let the users decide! There can be a few options that could require Google Authenticator and users can select whether they want it enabled, for example:
- Changing the master password
- Withdrawing funds over (user set limit)
- Posting (useful to keep posting key safe for things like Steem Monsters)
- Upvoting
- Any action on the blockchain, not limited to these 4!
In my opinion, it'd mainly be the first two as it could cause irreversible damage and using a Google Authenticator for posting/upvoting is a bit excessive/useless. I feel like this would give me peace of mind that my account is protected twice, thus (virtually) impossible to hack!
This would also combat phishing attempts as even if scammers have my password, they can't move my funds nor change my master password without having my phone!
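The per-operation options listed above, sketched as an added example that is not part of the original post and not Steem code. It assumes a verifier that holds the TOTP secret privately; the policy table, the 50.0 limit and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the algorithm Google Authenticator uses."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

# Constructed sample policy: which operations this user chose to protect.
POLICY = {
    "change_master_password": True,
    "withdraw": True,
    "post": False,
    "upvote": False,
}
WITHDRAW_LIMIT = 50.0  # hypothetical user-set limit; larger withdrawals need a code

def needs_code(op: str, amount: float = 0.0) -> bool:
    """Decide whether this operation must be confirmed with a code."""
    if op == "withdraw":
        return POLICY["withdraw"] and amount > WITHDRAW_LIMIT
    return POLICY.get(op, True)  # operations missing from the policy fail closed

def authorize(op, secret, now, code=None, amount=0.0) -> bool:
    """Allow the operation if it is unprotected or the code is currently valid."""
    if not needs_code(op, amount):
        return True
    if code is None:
        return False
    # Accept the previous 30-second step as well, to tolerate clock drift.
    valid = (totp(secret, now), totp(secret, now - 30))
    return any(hmac.compare_digest(code, v) for v in valid)
```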
Linking Accounts
This idea is a new idea I'm quite proud of, conceived half way through writing this post. Steemit accounts should be given the option to link their account with one or more other accounts. What do I mean?
- Nominate a trusted account from your account
  - That account will have to accept the nomination
  - This means your account is connected (one way) to your trusted account
- Nominate an email address, this is where your reset token will appear
What does this mean?
Suppose you forget your password, or the piece of paper it was on got burnt, or the computer you stored it on got exploded. You're fucked!
Now let's say you're not!
You enter your username, say forgot password and you'll have the option to send your nominated trusted account(s) a notification. If one of them (just one) accepts that you lost your password, your account will be white-locked for 7 days. This means you can still do anything you want on your account provided you log in, but as soon as you have any activity, the 7 day lockout will end and you won't be able to receive your reset password. Some people have auto votes and auto reward claims set up, so you will have the option to allow these actions to happen during the white-lock if you wish.
If your white-lock is successful, after 7 days you'll receive a new password in your email address and you will be able to use your account as usual!
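The white-lock flow described above as a small state machine, an added example that is not part of the original post and not Steem code. The class, state names and action names are hypothetical; only the single approval, the 7 days and the opt-in automatic actions come from the post.

```python
from dataclasses import dataclass, field

WHITE_LOCK_SECONDS = 7 * 24 * 3600  # the 7-day white-lock from the post

@dataclass
class Recovery:
    trusted: set                               # accounts that accepted the nomination
    exempt: set = field(default_factory=set)   # automatic actions the owner opted in
    state: str = "idle"   # idle -> requested -> white_locked -> reset_sent
    lock_started: float = 0.0

    def request(self):
        """Someone clicked 'forgot password'; trusted accounts are notified."""
        if self.state == "idle":
            self.state = "requested"

    def approve(self, account, now):
        """A single approval from a trusted account starts the white-lock."""
        if self.state == "requested" and account in self.trusted:
            self.state, self.lock_started = "white_locked", now

    def activity(self, action, now):
        """Account activity during the lock cancels the reset, unless exempt."""
        self.tick(now)
        if self.state == "white_locked" and action not in self.exempt:
            self.state = "idle"

    def tick(self, now):
        """After 7 quiet days the new password goes to the nominated email."""
        expired = now - self.lock_started >= WHITE_LOCK_SECONDS
        if self.state == "white_locked" and expired:
            self.state = "reset_sent"
        return self.state
```

The second case in the flow, where the real owner still has the password and simply uses the account, is what returns the state to `idle` and stops a fraudulent reset.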
Suggestions and Discussions
If you liked this idea, please help resteem it so maybe an actual dev will be able to see it! If these ideas aren't possible, you have better ideas or there's anything you'd like to discuss, feel free to talk about it below!!
These are great suggestions, a friend of mine lost his own password before and he couldn't get them back.
That's terrible, I legit would not know what I would do if my password was to be lost, as there's no real way to get it back.
You have decided to embark on an extraordinary "crusade", the security in the accounts where you manage and keep our money is very important, because this money is the fruit of a job we do and we want to be the ones who enjoy it. Keep on it, accounts with my support
Thank you! I really hope these suggestions may be seen someday by someone who has some sort of authority or power to do something about it!
I'd love linked accounts. Here are 10 other steemians I know in real life.
If any 7 of them agree I'm me, then I'm authorised to change the master password and get my account back.
The powerdown period and 3 day savings accounts are already awesome and unprecedented.
Yeah! Just in case it's not you, the 7 day white-lock period ensures your account is not touched, to make sure you actually don't have access if you lost your password, not just an outsider pretending you lost your password.
These are really pretty good suggestions, just like the way I've been afraid of losing my account almost all the time.
I feel insecure.
Security is a must, my account was hacked and the person transferred the little amount of SBD which I have earned to his account, now I don't click on anything suspicious 😀
These are excellent suggestions. Upvoted and Resteemed to the 3,100 people who Follow me.