Be careful when using SteemConnect - call to busy.org for necessary changes!!!
If you ever used @busy.org, @smartsteem, @dtube, @dmania or @utopian-io or any of the other third party applications, you have come into contact with SteemConnect.
Login once and every time you go back to the application it automatically knows who you are and logs you into the application.
First off, great tool
Let me start by saying I applaud the efforts of @busy.org in building this tool.
A well-working, properly designed tool, which all apps can use, will reduce the risk of everyone creating their own authentication package, and reduces the risks of badly written code and stolen keys.
However...
Now here we come to the crux of the matter. If you don't logout of the app you were using, the next time it automatically sees who you are and logs in using your information. This is great, it saves time to reenter your password and you don't need to know all these keys by heart, which is quite impossible.
But it is a hassle when you want to login under another account.
Basically, you can't! If you choose "logout" and then "login", SteemConnect uses the last account used for this app, on this computer!
Unless you remove the cookies that SteemConnect saves, you're screwed and cannot change accounts. This has been mentioned in a few posts already, when people wanted to change accounts, but so far nothing has been done about this.
Not my problem
Do you care about this, if you only have one account? Probably not, nothing to see here, just keep walking.
But it IS your problem, or potentially, it can become your problem!
When was the last time you used a public computer, or the computer of a friend?
On vacaction, do you only use your own computer or tablet, or do you also go onto public computers sometimes? Maybe to print boarding passes, and while I'm at it, let's see how my smartsteem is doing? Or do you want to upload that great holiday video on d.tube?
If you do, the next person to use that computer will have immediate access to this app, with your data and can do whatever they want with it. Maybe transfering all of your Steem and SBD to their own account if you've used busy.org for instance on that computer, or place a post which will get you downvoted into oblivion? Even if you remembered to sign out of busy.org, the next person on that computer will still be automatically signed into YOUR account.
With the addition of applications running on the steem blockchain, and acceptance of SteemConnect, this problem will only grow, until we do reach a situation where someone looses their keys. The resulting blowback can be huge, especially since this problem is known.
I call upon @busy.org to make the approriate changes to SteemConnect, so the cookie expires quickly, but also to remove the cookie when someone logs out of a program.
Make it so you can switch accounts and the risk of stolen keys is minimized.
Let's make this true again.
#UPDATE:
with thanks to @fitinfun let me add the following: you can use an incognito (Google Chrome) or private (Firefox) window. This will not store the information, so nothing is left behind when you're done.
Do make sure that you have the appriopriate keys with you (on paper).
You can open an incognito or private windows by selecting the menu in the upper right hand side of your browser (the three lines or three dots over each other) and select "New Private Window" or "New incognito window".
I see I think I should extra careful
Excellent idea, learn something new every day. Each time I go into banking I clear cookies and cache but never thought to use this "private window".
Once a week a major clean up and backup, security is important I shudder to think of how one is scammed so easily of late, also noticed how it holds the password @rmz
Kryptonia: @joanstewart1
Thank you; don't forget to resteem to receive the SUP.
i used sometimes busy.org. Thank you for sharing from kryptonia @reatimtim
What is a good way to store my posting and active key without using google drive or similar tool? Is it possible to open busy in the incognito window and store my keys. im only doing this on my personal computer. Maybe my smart phone too. Any advice would be greatly appreciated. Thanks.
The way I do it is quite easy, but also secure.
I have a text file with all my keys/passwords on my local computer, in a protected directory.
Using 7zip, I create a password-protected zipfile. This password is really strong, no chance someone accidentally figures it out.
I have a copy of this file on google drive (synced with my pc and in the cloud), and a copy in my mail, in concepts.
When you use an incognito window it will not store your passwords/keys, it will require you to enter all information every time.
Thank you rmz for that helpful information. I appreciate you.
Great ideal the tips are super helpful. Kryptonia username @giftefwords.
woland76 on Kryptonia
Thank you; don't forget to resteem to receive the SUP.
Thank you for sharing.kryptonia ID @lynlene
Ur post so useful, thank you!
From Kryptonia : ziggy
Great reminder @rmz ..thanks for sharing from jason21 of kryptonia
Thank you; don't forget to resteem to receive the SUP.
great ideal kryptonia id @everdope