RE: Steem Keychain Update - Firefox Version Now Available!
I was so very excited to use this extension, now that it supports Firefox. Then I tried to login for the first time, and noticed the very intuitive message (sarcasm) to enter your password. I assumed it meant my key, since no way could it mean my Steem password. After getting errors, I eventually realized that I maybe I have to set it up first. It doesn't have a simple if statement to detect if it hasn't been setup yet, and maybe either tell the user to do so, or go through the setup. So I go to do that, and it asks me to set a password. So I do my usual thing of making a long password that's a combo of multiple languages and numbers, and no, it requires an uppercase, lowercase, number, and special character. This flashed past way too quickly for me to read the first time btw.
How do you expect anyone to remember such a password? You do know that when you ask such things, it doesn't make it any more secure. The most secure passwords are long strings of uncommon words, perhaps with misspellings, numbers in places, etc. They can be easily remembered, but take forever to crack. A 8 character password with "special" characters is easier to brute force than something that's multiple words. Part of this is because many people do the exact same things when asked to put in capitals, special characters, and numbers. Password dictionaries are full of so called "secure" passwords.
It's better to do a simple check that the password isn't horrible insecure, like a word with a number at the end for example, or check it against a dictionary of passwords, and include a link to a video on how to make a secure password.
I'm disappointed.
But, congratulations on your update. You have a ton of features now. It's good that you now support more browsers, so more people can use it.
I guess I'll start using it when I can figure out a password that fits with your dumb requirements and I can actually remember while still being secure.
Understandable... may i suggest do your normal long password and just start with a capitol letter and end with an exclamation point. If you're doing your normal long secure password it should still work nicely. Or are you saying keychain doens't allow for over 8 characters?
It's also my understanding that you're just preventing someone who has physical access to your computer right?
This is exactly why it doesn't make it more secure. Everyone just starts with a capital and ends with a number and an exclaimation point or replaces i's with 1's, etc.
My point is that it doesn't make it more secure. In fact, it makes it less secure, and harder to remember. It means that when they do a dictionary attack, they can eliminate all entries without a capital or number or special character, testing less passwords.
You're preventing anyone that gets hold of your keychain password file or physical access. So, if you get hacked, or your computer stolen, or if you live with someone that's a dick.
Currently, not a ton of people use Steem, so the chances of your accounts getting compromised before you can change the passwords isn't huge. So the main problem is that it's annoying and has no useful purpose.