RE: A quick reminder for your steem security

in #steem · 6 years ago

Frankly, I don't think the solution with a small set of different private/public keypairs is such a very good idea; I do feel uncomfortable giving away my private keys.

There are two other solutions that seem better to me. I wish I could generate a new private key (or, "token") for every service/app(lication)/website I'd like to use, tokens with a given expiry date, and tokens that can be explicitly revoked. I suppose this idea would require a hard fork.

The other option is to not give away any private keys nor passwords to any service/app(lication)/website, but rather have them send signature requests. Such a signature request could go to a web site that already has either the password or the private keys (i.e. steemit.com), to some specialized website (steemconnect already exists for this purpose?), or to some desktop application or cellphone app. This can be done fairly transparently to the end-user (i.e. when I post something from busy.org, it could automatically find out that my account was created at steemit.com and send a signature request there; steemit.com could send me a dialogue box where I'm allowed to do a one-time signature for the specific post or (default) allow future signature requests from busy.org to be approved until I revoke such permissions through the settings).

The latter is possible without a hardfork, but would require quite some cooperation and a bit of development effort by all the major players in the ecosystem.
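
The signature-request flow proposed above, sketched as an added example (not part of the original comment, and not steemit.com's or steemconnect's code). `SigningService`, its methods and the operation names are hypothetical, and HMAC-SHA256 stands in for the account's real public-key signature.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def _encode(*parts: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

@dataclass
class SigningService:
    """Hypothetical key holder; requesting apps never receive the key."""
    key: bytes
    grants: dict = field(default_factory=dict)  # app -> (allowed ops, expiry time)

    def grant(self, app, ops, ttl, now):
        """Standing approval for `app`, limited to `ops`, valid for `ttl` seconds."""
        self.grants[app] = (frozenset(ops), now + ttl)

    def revoke(self, app):
        self.grants.pop(app, None)

    def _sign(self, app, op, payload):
        # HMAC-SHA256 is a stand-in for the account's public-key signature.
        return hmac.new(self.key, _encode(app.encode(), op.encode(), payload),
                        hashlib.sha256).hexdigest()

    def verify(self, app, op, payload, sig):
        return hmac.compare_digest(self._sign(app, op, payload), sig)

    def request(self, app, op, payload, now, user_approves=False):
        """Return a signature for this one operation, or None if denied."""
        ops, expiry = self.grants.get(app, (frozenset(), 0.0))
        standing = op in ops and now < expiry
        # user_approves models the one-time dialogue box for this specific request.
        if standing or user_approves:
            return self._sign(app, op, payload)
        return None

def demo():
    svc = SigningService(key=b"constructed-demo-key")
    post, out = b'{"title": "hello"}', {}  # constructed sample operation
    out["no_grant"] = svc.request("busy.org", "comment", post, now=0)
    out["one_time"] = svc.request("busy.org", "comment", post, now=0, user_approves=True)
    svc.grant("busy.org", {"comment", "vote"}, ttl=3600, now=0)
    out["standing"] = svc.request("busy.org", "comment", post, now=10)
    out["out_of_scope"] = svc.request("busy.org", "transfer", b"{}", now=10)
    out["expired"] = svc.request("busy.org", "comment", post, now=3601)
    svc.revoke("busy.org")
    out["revoked"] = svc.request("busy.org", "comment", post, now=10)
    return svc, post, out
```

Each signature is bound to the requesting app and the operation type, so an approval obtained for a post cannot be replayed as a different operation or by a different app.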

There are already some options for your first idea. Any account can set up other accounts to use their posting or active roles, and also revoke them at any time. This means that you can keep your keys safe but you give others access to your account. Steemauto for example does that.

The second option can be done by directly interacting with the chain. In an application this will probably not increase the security of less technical users since they will be using their private keys to sign on an online machine anyways. It might be possible to build special steem hardware wallets for that though.

It should be noted that the passwords you enter in steemit always stay local in your computer. steemit does not know your passwords! But when your computer is infected that does not really help :)

Hi frdem3dot0! (Sorry for contacting you through this). I read your previous article about why you steem. Thanks a lot for your sincere sharing! That was so helpful!

If you have time, can you please spend some time completing a survey? We’re currently doing survey research on why we keep steeming. It’s a 5-minute survey: https://goo.gl/H1XeJi

BTW, every participant will receive 1 SBD. In addition, you will join a raffle of 10 SBD (selecting 10 people). You can read more details about our survey here: https://goo.gl/kDu364

If you can help us with our research, we would very much appreciate that.
