You are viewing a single comment's thread from:
RE: Important Security Announcement: Steemit CEO Ned Scott
Now that Steemit is in everyone's crosshairs, #3 on the top cryptocurrency list, we need to take development and security uber seriously. We should have 2-factor or phone-based (Coinbase does this) security features. Thanks for your updates.
And an account page so we can link our email and be able to change our passwords and forget my password to the site.
That does nothing for site security, and actually puts individual users at a higher risk as their email is now an attack vector.
I could not agree more. Now that the solution has scaled and already has a dedicated consumer base of thousands of users, it will immediately attract unscrupulous eyes and unwanted attention as hackers will be interested in extracting some illegal value for themselves. Any cryptocurrency with a Top 5 market cap needs to be especially careful, not just from an authentication standpoint (some users have suggested implementing a two-factor authentication module for Steemit, which would help but that is only the beginning), but also from a regular site audit standpoint; these cryptocurrencies need to invest in the proper business continuity planning and disaster recovery management solutions, as well as ensuring that they have access to cyber security and digital threat forensic experts to help 'stress test' the system. This is only the beginning and there will be more and more attempts going forward.
One last point worth mentioning: the actual Steem cryptocurrency was not impacted or attacked in this particular incident; it was only the Steemit.com website, and that has since been corrected by Ned and his team.
Long live Steemit!
I don't think 2-factor auth would have helped in this scenario. It seems like the server hosting Steemit.com was compromised.
Unlike other crypto, Steemit's cryptomoney is mostly custodial. Since Steem Power is locked up for 2 years, that may greatly slow down a hack, but like the DAO has shown, a slow-mo train wreck is still messy. This platform is way too cool to go down in flames. We really need world-class security going forward.
Don't forget, the Shapeshift theft was by an insider. Yuge lessons to be learned there too.
2-factor, definitely. This was a wake-up call to get serious. You can spend a lifetime creating a good reputation and lose it all in 5 minutes.
And if anyone on Steemit is re-using passwords... please stop doing that. I bit the bullet a while back and started using the KeePass (open source) password manager. I have mega strong passwords on my Steemit keys and everything else important these days, and so should you.
Remember, your Steem Power and bitcoins just may be your retirement fund... protect them!