[Steemit] Secured PDF with private keys and instructions

in utopian-io •  6 years ago  (edited)

Repository

https://github.com/steemit/condenser

Issue: https://github.com/steemit/condenser/issues/3311

Components

  • Steemit.com condenser private keys and instructions download

Proposal Description

Many users were using the master password for daily use, which is obviously quite dangerous. So steemit.com recently blocked the use of the master password for login and now provides a download of a PDF with all the private keys (and some instructions).

I absolutely agree with the general idea, BUT the PDF isn't password protected! Moreover, it has the same naming convention, "username_steem_keys.pdf."

Well, if I'm a hacker, the first thing I would do is search for files whose names contain "steem_keys.pdf."

I strongly believe that a first-time user expects that the link works this way. Once downloaded, it may already have been uploaded to a cloud without protection. And most novice users (who are using the master password for login) may even forget to delete or protect the PDF.

This makes users more vulnerable.

The PDF should be password protected.

Mockups / Examples

Well, I believe only the secured PDF should be provided, but if users are willing to take the risk, the current unprotected version may also be provided, as shown above.

The default password can be set to be the master password, or it may be better to let users set their own password for the PDF.

Implementation Details

Currently, jspdf is used for the PDF creation, but this library doesn't support secured PDFs.

I found one library for secured PDF creation:

For instance, jsreport-pdf-password:
https://www.npmjs.com/package/jsreport-pdf-password

Benefits

  • Security. What's more important? I don't think a more detailed explanation is needed. Currently, in some sense, the attempt to make it secure makes it more insecure.

GitHub Account

https://github.com/economicstudio

Some of my contributions have been mentioned in steemitblog's posts:


Thank you for contributing @blockchainstudio!

The default password can be set to be the master password, or it may be better to let users set their own password for the PDF.

I don't think any user will be willing to take such a risk. When I first downloaded my steem keys, the first thing that struck my mind was that the PDF should have some security.
I am glad you took time to write a contribution on this issue and I hope Steemit will provide users a password-protected PDF with keys in the near future.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.


[utopian-moderator]

Thank you for your review, @syedumair! Keep up the good work!

!dramatoken
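I had no idea there was a problem like this~ A friend of mine just signed up and still can't log in, and I think this is the reason.

Yes, at first logging in with the master password only showed a warning and still let you log in if you wanted, but at some point it changed so that you can't log in at all. Come to think of it, this kind of thing must be really hard for ordinary users. And if you download the PDF and then don't manage it well, that's even more dangerous :(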

!dramatoken
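What you do is dramatic, so I'm dropping one, lol.
It's a DRAMA token, so everything is dramatic!!

Oh, thank you^^ I was meaning to look into this anyway. I roughly understand it, but not exactly how it works.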


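(Translated from Korean) The master password should really only be used when changing passwords, but it was being used indiscriminately, so steemit.com recently blocked logging in with it altogether and introduced a feature to download all the keys as a PDF. Absurdly, though, the PDF has no password set and the document is named username_steem_keys.pdf, so in some ways it is actually at greater risk of becoming a target for hackers. If I were a hacker, I would search the computer for steem_keys.pdf first, haha. A user who logs in with the master password is also very likely not to handle that PDF properly after downloading it.

The idea is to provide a feature for downloading a password-protected PDF.

I have found the library, so please implement it yourselves :( I don't really plan to do this one myself.

Instead, to celebrate being selected as MVP contributor today, haha, I have built and submitted a feature for steemit.com that displays beneficiary settings (not a feature for configuring them, but one that shows, on posts where they are already set, that they are set). Merges have tended to be fairly quick lately, so if there are no big problems I expect it to be applied soon.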


I have a friend with a steemit account. She can log in, but can't post because she does not have a posting key.

I have not used my account in a couple of years, and when I first logged in it gave me an option to download a PDF with all my keys. She is not given this option.

The site used to let you get keys from the wallet, but she can't log in there either...

What to do...?