Why Doesn't Steemit Provide Two-Factor Authentication?
Recently I have had a question about Steemit security. I read some posts and saw they have very high value, and I wondered: is it safe enough to use just a normal password to secure my Steemit account? I looked everywhere on the Steemit page, clicked here and there, but I couldn't find anything about a two-factor authentication setting.
I also read a post about how to back up our private keys to prevent scams and the loss of our profits. But someone commented that backing up was double work, because the master password prevents what I was worried about. Well, maybe you understand the system, but not a noob like me. I couldn't understand what they meant, until I saw someone recommend that Steemit add two-factor authentication and someone gave the answer.
Our password is not sent to the server; it is verified only on the blockchain. We can use a stronger owner password, write it on paper and keep it safe.
You can go to Permissions and use your original password to log in as OWNER, then change the password to a stronger one. That's all you need to do.
Hope this will help you to solve your problem.
Here's a great explanation of the keys:
https://steemit.com/steemit-guides/@pfunk/how-to-login-with-your-posting-key-and-why-this-is-important
My impression, I might be wrong, is that when you set a password for your account, all four of the private keys are generated from the password you set using some hashing algorithm, like a brain wallet. This means if someone knows your password, they can use this algorithm to generate your keys. For instance, I simply set a single password when I made my account, and since I read somewhere that our keys are not stored in any steemit.com database, I just assume there must be a hashing algorithm generating our keys from that password. However, it seems that we also have the option to reset any of the four keys independently, so there must be more to the story, since that implies the keys are not necessarily bound together. Perhaps someone can shed more light on this.
I didn't think about it that much. But your suspicion may be correct too. As I understand from your example, maybe it would be easier for others to generate your password, because you first leaked your simple password when you created your account? Who knows whether my computer has a trojan that stole everything? XD ... I wish someone else could give us an explanation.
You have to change active too. Active can do everything the owner can do except change the owner key. You can use the same password for both; the keys will look different, but that is by design. It is still the same password.
Got ya... Thanks for your advice.
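
The scheme the comments above describe (one password, four role keys that look different), sketched as an added example that is not part of the original thread and not Steemit's own code. It assumes each key is SHA-256 over account name + role + password, WIF-encoded; the account name and passwords are constructed.

```python
import hashlib

# Assumption of this example: role key = SHA-256(account + role + password).
ROLES = ("owner", "active", "posting", "memo")
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58(data: bytes) -> str:
    """Base58-encode bytes, keeping leading zero bytes as '1'."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out

def to_wif(secret: bytes) -> str:
    """Wrap a 32-byte secret as WIF: 0x80 prefix + double-SHA-256 checksum."""
    payload = b"\x80" + secret
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return base58(payload + checksum)

def derive_role_keys(account: str, password: str) -> dict:
    """Derive one private key per role from a single password."""
    keys = {}
    for role in ROLES:
        seed = (account + role + password).encode("utf-8")
        keys[role] = to_wif(hashlib.sha256(seed).digest())
    return keys

def rotated_roles(account: str, old_pw: str, new_pw: str) -> list:
    """Roles whose key changes when the password changes."""
    old, new = derive_role_keys(account, old_pw), derive_role_keys(account, new_pw)
    return [r for r in ROLES if old[r] != new[r]]

if __name__ == "__main__":
    # Constructed sample account and passwords.
    for role, wif in derive_role_keys("alice", "weak-pass-123").items():
        print(f"{role:8s} {wif}")
    # Derivation is deterministic and needs no server: whoever knows the
    # password can recompute every role key offline.
    print(rotated_roles("alice", "weak-pass-123", "a much longer random passphrase"))
```

Because nothing beyond the password enters the derivation, the password's strength is the only protection for all four keys under this scheme.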