An Outsider Look at HIVE Keychain

in Review the World, 2 years ago

There is a growing number of web sites which interact with the HIVE blockchain. I believe that the best way to cultivate interest in HIVE is to promote the sites in the Hive-O-Sphere.

In this spirit, I've been adding Hive Related Web Sites on Internet Rivers. I've found about 170 sites so far and have barely scratched the surface.

There is one problem with this approach. Sites with interactive features require user authentication.

Before new users can start interacting with the different tribal sites in the Hive-O-Sphere, they must figure out the authentication system. Due to the nature of HIVE, authentication is a bit strange.

HIVE is a decentralized blockchain existing in cyberspace. The blockchain does not have a centralized authority.

The blockchain uses a system of user accounts and encrypted keys. To maintain a high level of security the keys are long and unruly. The keys are large numbers. When represented as a string, they are 51 characters.

Commands that interface with HIVE require the user's name and the appropriate key for the operation. The system uses the POSTING key for writing and voting on posts. It uses the ACTIVE key for operations that could lose money. Some applications use the MEMO key for basic authentication. The OWNER key allows users to change their keys.

In the early days of STEEM, it was common for people to post their keys on web pages to access resources. This created a huge security risk as scammers found that they could create fake pages to phish for user keys. Another problem was that users had a nasty habit of pasting their keys in the wrong field. There were cases where users pasted their keys into the memo of a transaction ... broadcasting their keys to the world.
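A wallet or front end can catch the memo mistake described above before a transaction is broadcast. The following is an added example, not code from the original post or from any Hive wallet; it assumes the 51-character private keys are in WIF form (Base58Check, version byte 0x80, 4-byte double-SHA-256 checksum), and all function names and the sample key are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_CLASS = "[1-9A-HJ-NP-Za-km-z]"
# Candidate: a free-standing run of exactly 51 Base58 characters starting with '5'.
CANDIDATE = re.compile(rf"(?<!{B58_CLASS})5{B58_CLASS}{{50}}(?!{B58_CLASS})")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def to_wif(secret: bytes) -> str:
    """Encode 32 secret bytes as WIF; used here only to build sample data."""
    payload = b"\x80" + secret
    return b58encode(payload + _checksum(payload))

def is_wif_private_key(token: str) -> bool:
    """True only if the token decodes to version 0x80 + 32 bytes + valid checksum."""
    try:
        raw = b58decode(token)
    except ValueError:
        return False
    return len(raw) == 37 and raw[0] == 0x80 and raw[33:] == _checksum(raw[:33])

def find_leaked_keys(text: str) -> list:
    """Return every substring of text that is a checksum-valid private key."""
    return [m.group() for m in CANDIDATE.finditer(text) if is_wif_private_key(m.group())]

def safe_to_broadcast(memo: str) -> bool:
    """Gate for a transfer form: refuse to send a memo that contains a key."""
    return not find_leaked_keys(memo)

# Constructed sample key (secret bytes 01..20 hex); not a real account key.
SAMPLE_KEY = to_wif(bytes(range(1, 33)))
```

Verifying the checksum rather than matching on length alone keeps ordinary 51-character strings from blocking a transfer while still catching a real key.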

HIVE is a decentralized system. Different groups began developing different solutions to streamline HIVE authentication.

HiveSigner developed a product that implements the OAuth standard used by Twitter and Google. To use the product, users paste their HIVE keys into HIVEsigner.com. HiveSigner stores an encrypted version of the password. HiveSigner asks users to create a short memorable password to access the program.

The design creates an additional password, but allows users to access their HIVE account with a short memorable password without compromising the keys.

Hive Keychain is a Browser Helper Object used for authentication. A BHO is a computer program that one can add to a browser to extend the functionality of the browser. The keychain stores an encrypted version of the keys in the Browser Helper Object.

NOTE: The site has links to different versions of the app on Chrome Store, Apple Store, Firefox Store, Brave Store, Apple Store and Google Play. Installing from the appropriate store adds an extra layer of accountability to the app.

I installed both programs on my primary computer and use them at different times. After installing these programs, I no longer need to store the keys on my local machine.

The designers of both HIVE Keychain and HiveSigner have added functionality to their programs. It is possible to perform activities like transferring funds and voting for witnesses directly through their applications.

HIVE Keychain includes a lightweight wallet that allows users to transfer HIVE and HIVE-Engine tokens. I like that the wallet shows current voting mana, so I can see how many times I've voted during the day.

Exporting and Importing Keys

HIVE Keychain offers an export and import function. After you have pasted your keys into the keychain, you can export the keys to a file called account.kc which holds an encrypted copy of your keys. You can then import the keys into keychain on a different device.

The exported keys still give access to your account but are slightly more secure than the keys themselves.

Since I use only one computer to access HIVE, I have not explored the full potential of this feature.

If I were using a shared computer, I might consider keeping the account.kc file in an encrypted directory on a thumb drive. I could then import the keys into Keychain for a session and delete them when the session was through.

HIVE Keychain on Android

Since HIVE involves money, I currently access HIVE from a single machine in a secure location.

HIVE Keychain offers apps for Android and Apple. I installed the Android app. The app says it is still in beta.

The app includes a lightweight wallet which might prove to be handy in the future.

To my embarrassment, I could not figure out how to log in to web sites on my Android phone with the app. This might be due to the fact that I really don't use my smartphone for browsing the web.

HIVE Keychain on GitHub

HIVE-Keychain was developed by a third party. Since users entrust their keys to the keychain, it is extremely important that the code for the keychain is open sourced and documented. This allows the public to scrutinize the code and ensure that Keychain does not secretly make a copy of the keys.

@stoodkev published the source for HIVE Keychain on GitHub. This page includes documentation for integrating the keychain in web applications. The documentation includes API calls and details how web sites can integrate the keychain with their application.

I started playing with code to authenticate Hive users on my review of Hive Keychain, but I got involved in other things and didn't finish the review.

Conclusion

Because HIVE is a decentralized blockchain that is not controlled by a single legal entity, the authentication model used by HIVE is more critical than that of traditional corporate-based web sites. Users who lose their keys lose their tokens.

Since the code for HIVE is developed by third parties, the authentication method is a little bit more convoluted than authentication methods for traditional web sites.

Part of the learning curve for HIVE is figuring out the authentication method.

When new users sign up for HIVE, they need to develop a plan to protect their keys.

People should avoid giving their keys to third party sites.

There are only three programs to which I have entrusted my keys.

wallet.hive.blog (https://wallet.hive.blog/), which has a program for changing keys, the BHO that I downloaded from Hive Keychain, and Hive Signer.

Good luck and stay safe.

I thought about taking a picture of my keychain for this post. Miscreants can recreate keys from pictures; so, for the picture I made a keychain with a clicker from the Karen Pryor Clicker Training program. I added two super colorful keys that I found in a drainage ditch a decade ago. I never found the owner of the keys.