Hello,
After what happened to @alexwonderful I think that it's time to activate 2FA on STEEM. It's not normal that anyone with your password can come and steal your hard earned money and your account. She lost 187 SBD because she posted her private key by mistake on her post. Things like this should not happen. She also lost her account and she is still waiting on the account recovery.
I believe that Steemit won't go mainstream until the security is improved. 2FA is the minimum, our money is on this platform, we can't trust a platform that has no security for it's users.
Her account is still compromised, so please don't send any donation yet to her or the thief will take it too !
Steemit is an important part of her life now and she is quite depressed after what happened.
I hope that when she gets her account back we can all give her some fat upvotes so she can recover her lost money.
I already planned on giving her a donation as soon as she recovers her account.
Thank you all.
Write this in utopian, so that it can bring more attention.
I added the tag, is it enough ?
No, you can write as a proposal in utopion.io. They will even reward you if it gets accepted.
Thank you for raising this @najoh
I have also been thinking about this too and I think it's about that time steemit introduce 2FA
At least this will put our users mind at rest
I think it is especially important to understand how to handle the keys safely. For example, you should never log in with the Ower key. If no transaction is to be carried out, only the posting key should be used.
The owner key should be stored securely and offline.
Thus, the account can never be lost as long as the key is well secured.
That's quite difficult to understand, I didn't even know that we had multiple keys..... When I registered they gave me only one.
I'm trying to summarize it for you.
When registering you have received a password. This is also called Owner-key. In your profile under Wallet -> Permissions you can see 4 different keys. If you click on "show private key" on the right you will see the respective private key.
The Posting Key should be used for normal login.
If you want to make a transaction in the wallet, you will be asked for your active key.
You don't have to worry about the memo key. You only need it if you want to encrypt a message in a transaction.
I recommend that you only log in with your private posting key and use the active key when you make a transaction in the wallet. You should write your private owner key on a sheet of paper and keep it in a safe place. If you have been hacked, you can still access your account with the owner key and get a new one created.
I hope I could give you a rough overview.