You are viewing a single comment's thread from:
RE: ILoveWWW Phishing Attack on STEEM
As important as it is to keep keys safe, why can we not sign into different front ends with only our priv posting key? All of them seem to go through steemconnect which makes you use your active or owner key. I, for one, hate that - so I haven't really tried many of them out.
Now if there were a place for me to keep my liquid assets (i.e. desktop wallet) in a private wallet with different keys, I wouldn't have a problem using my active keys, as I wouldn't have funds easily accessible...
You could just use another account as "cold storage"
Steemconnect doesn't always ask for the active authority, that depends on the permissions the app you use requests.
I actually thought about that after I hit post. lol It's not a bad idea, really.
So it's up to the app? Meaning that busy (or similar) could change the code to allow you to sign in with only your priv posting key?
Dtube does that. It's not really a solution since the phishing sites all replicate Steemit, they don't care about the other frontends. And most users just use Steemit. Part of the problem is there's intermittent unannounced work on Steemit and the site starts glitching out. When that happens people get used to being logged out, forms not loading and other crap. So when they click on a phishing link and get 'logged out' its business as usual.
No, no, of course not! Phishers will phish and people will continue to stay dumb to it.
My comment was a bit off topic come to think about it. lol I feel better now though, thanks for letting me have a little rant on your post. ;)
Some front ends don't allow posting key and need the active one. Also not all websites using steemconnect require active key. Actually I try to avoid those requesting more than they should.