Steem: not worth it

Created on 27 Mar 2018  路  5Comments  路  Source: steemit/steem

i signed up for steemit to try out d.tube as a youtube alternative.. it takes me a week to activate after giving a cell phone password im not comfortable giving out only to finally receive this stupid long password i couldnt possibly remember, with no way to change it to something i can, and all of this extra work just to use steemit just isnt worth the time or effort... you really need a more user friendly platform if you actually want people to register and use it

let people choose the passwords they want and accept the risks if its too easy.. requiring cell phone numbers is complete nonsense and some people choose not to have smart phones or use text.. so youre eliminating them from possible customers.. and automate the sign up process, it shouldnt take 1-2 weeks.. what is steemit so paranoid about? you dont even have that many users and probably never will if its not made a heck of a lot more user friendly than it is

Most helpful comment

Unlike most other social media platforms and websites which can lock a user out after trying an incorrect password 3 times, the blockchain allows anyone with the knowledge on how it works to brute force attempt someone鈥檚 password as many times as they would like - without locking the account. If they let people choose their passwords, people would choose ones that would allow hackers to steal their accounts (and money).

I know it can be a little frustrating to get used to, but your account is actually worth real money and will likely hold a lot of funds someday. It is worth learning how to save/backup/use the really long password (which is actually secure), rather than allowing you to use one that will make your account unsafe.

All 5 comments

There are several ways to get a 'steemit' account. The most obvious way is to sign up through the steemit website which requires your email address and mobile number. This is the only the way to get a 'steemit' account for free. If you don't have a phone or wish to be anonymous, there are many reliable services that you can instantly buy an account from, check out anonsteem for example. In reality, you have to pay a fee for a 'steemit' account but when you sign up through the website, the company Steemit Inc pays that fee for you.

When you sign up on steemit, you are actually given an account on the steem blockchain, that's why I used steemit in quotes in the first paragraph. This steem account is used to access websites like steemit, busy, dtube, dlive and dsound.

You can change your stupid long password on the steemit website to something that can be more easy to remember. However, using a stupidly long and complex password is more secure when dealing with cryptocurrencies.

Unlike most other social media platforms and websites which can lock a user out after trying an incorrect password 3 times, the blockchain allows anyone with the knowledge on how it works to brute force attempt someone鈥檚 password as many times as they would like - without locking the account. If they let people choose their passwords, people would choose ones that would allow hackers to steal their accounts (and money).

I know it can be a little frustrating to get used to, but your account is actually worth real money and will likely hold a lot of funds someday. It is worth learning how to save/backup/use the really long password (which is actually secure), rather than allowing you to use one that will make your account unsafe.

absolute nonsense, a 10 character password in my head is far more secure than your 40 random character password i have to save to a text file where it can be accessible by other programs.. at the end of the day its the end users responsibility to pick a decent password and i do not need steemit to make such decisions on my behalf.. people are adults and do not need steemit to be as their nanny, what they need is a site that doesnt aggrivate them over special rules that only steemit apply and arrogantly claim to do so for their own good

in fact, its down right insulting that you flat out tell me that my passwords arent good enough and that i need you to do it for me.. piss off and screw steemits arrogance and condescending nature

The difference between Steem and traditional platforms is that Steemit, the organization, does not authenticate you, the decentralized blockchain known as Steem does.

In a traditional platform, your password is hashed and stored on a secure server. So long as the server is secure then anyone attempting to get in to your account is guessing blindly. Such behavior can also be detected and blocked by the platform. If the server is compromised then the hash of your password gets out. If it is a weak password, a hacker can use a rainbow table to look up what your password is using well known hashing techniques. More secure platforms now salt and pepper passwords to obfuscate information and make it more difficult to crack them.

However, all of these techniques require centralization. Or at the very least, these techniques are ineffective when authorization is decentralized. Steem is a platform where your hashed password is compromised from the moment you sign up. This is not inherently a bad thing unless your password is weak and can be easily guessed. Even a random 10 character password can be quickly brute forced. When Steemit launched, we allowed users to set their own 15 character passwords and many accounts were being hacked due to brute forcing of weak passwords.

I encourage you to do some research on password management techniques. You will find that the requirements we enforce are out of a desire to follow industry best practices when it comes to account security. It is out of respect for our user's time and security that we have these rules.

@Ulfrinn although not recommended (for security reasons), you can find a steem-python method here (https://steemit.com/security/@noisy/how-to-set-an-own-password-which-is-not-generated-by-steemit) on how to change the password yourself. Remember, your password is the soul of your account, if you get compromised it would be your own fault.

It can also be done with steem-js by doing steem.auth.getPrivateKeys first and using the owner key from that to do a steem.broadcast.accountUpdate. Again, do it at your own risk.

I suggest you test your custom passwords here http://rumkin.com/tools/password/passchk.php to see if they are really as secure as you think, and compare to the one generated for you by steemit.

Was this page helpful?
0 / 5 - 0 ratings