Second Thoughts on "Security"

Recently I posted

, and my conclusion was that it was not all that secure, even though my intention when writing it was to identify that the biggest insecurities (in my opinion) were based on the instructions the app itself was giving.

I was definitely motivated to do so by "other people", so to speak; I mean its not like I don't have other posts to write :/ - Call me a few names and you can get me to write 1000 words about how wrong you are, I guess. And since its a "posting chain", I'll never be convinced that this is not the right thing to do when faced with such disagreements. Document them.

_{Oh yeah I'm on a Lake in a foreign country}

Anyway, we have been working on onboarding workflows, new user "inboarding" (shout out to @gr33nm4ster for picking up on that term) and all around "best flows" for HIVE with regards to users. And of course this seed of "security" has been planted in my head, going around, and around.......and around.

I would never use HiveSigner with anything other than the posting key, and even then - reluctantly. That's not misinformation, and it never has been. But "If its not secure enough for me - its not secure enough for anyone" ... I have come around to the idea that this is probably not true at all. I mean, I don't even put my keys on my (any) mobile phone... for security.

How much security?

How much security is needed for a new account? The one with zero dollars in it, might make their first post with

and be awaiting their first post payout. How about with 10 dollars in their wallet?

Whatever the "correct level" of security is, it would be based on some analysis of the actual risk involved, crossed with some amount of personal preference. Security improves over time, for the most part - as well as our culture and general education level. But no matter which way you look at it - no new account would ever be so intense about security as ME - or any other user with 8 years of experience, transactions and baggage on this blockchain.

And they really shouldn't be, either.

@pharesim helped me by defining terms, his terms at least, and for him, an insecure app is one that actually does LEAK the keys. HiveSigner does not do that. Whatever you think about recommending pasting owner keys after 7 years, its not an app designed to leak the keys - the "insecurity" from my perspective when I wrote the blog was about how easy it would be to hack, and how that hack would be worse by (still) recommending the worst practices of key usage to users after all these years.

We have HiveAuth now - why are we even talking about HiveSigner?

I wonder this a bit too - is it just because our legacy auto-voter Hive.Vote only accepts legacy login HiveSigner? Probably. Most other apps have multiple ways, and with multiple ways, I would NEVER RECOMMEND HiveSigner. But that doesn't mean there is no way to use it "more securely". You just have to know what you are doing (which can be a steep ask, if you ask me).

Adding and removing authorities - which require active key - is something you don't actually have to do in HiveSigner, even if you want to use Hive.Vote. This is one of the reasons that @thecrazygm and I built our

. It makes it quick, easy and secure to manage authorities on multiple accounts. Yes there are some other tools to do the secure auth - peakd interface often comes to mind, they have most features - where our app really shines is managing multiple accounts. We didn't even build it for "the community", although it is open for all to freely use, we built it for OURSELVES - because we are so obsessed with security.

As long as you know "what you are doing"

If using an app "securely" requires you to know what you are doing, and ignoring the majority of the things the app actually says on its site - I hope we can agree that this is less than ideal. The whole point of onboarding and inboarding is that these new users rarely know what they are doing - they are learning! And a lot of what they learn is what they read on the sites, the trusted sites. HiveSigner is thus, in my eyes, NOT a trusted site. It says the wrong things. That's dangerous for new users.

But again - who cares? This is all about an auto-voter?

Not just any auto-voter - the last auto-voter in our ecosystem. And it makes me think a thought, many have expressed, and many more probably think - I wish we had another, more secure, less legacy auto-voter in our ecosystem. It's even on our list of things to build. Not for you, not for "the community", for ME. I need it. If we build it, should I share it?

I guess you might think that our

would mean we should make it available. Its actually part of our "Auto-Badger" series, listed in our defunct . Its on "my radar", it has been because I need it and I hate using HiveSigner to get to Hive.Vote. And generally I do believe in the principle that tools should be available to all users.

Back to new users

So it might be obvious, but none of the new users I have ever onboarded have asked about autovoters. This might be a measuring stick, it is probably a tool that indicates that a user is slightly more advanced, maybe even beyond the inboarding phase and into the "colleague" phase. Not to say "just another user", but if you are wondering about how to keep your Hive Power curating, or not missing your friend's post - you are now beyond "new user" status, I think we can all agree.

And to my deep chagrin, I often find myself thinking or recommending mediocre security practices to new users - "Why don't you email yourself your keys?" - simply because there is little risk to a new account; in fact the risk of losing that key document is much greater than getting your email hacked and losing the 3 dollars you earned at the Beers and Bitcoin event.

I was a new user once

As I recall, I did it all. I kept my masterpassword in google drive, I logged into every new app that appeared and (at that time) gave them the authorities they asked for - I tested and tried many things. I know many of us did: I've seen them removing tasteem posting permissions when I show them our

.

I have, since then, changed my keys, updated my security practices, and use plenty of alt accounts to do all the things I am no longer comfortable doing with my "main", and that includes anything on mobile beyond the posting key.

Security is a series of trade-offs

So, in conclusion - "it depends". What's the risk? And the corollary - what is your risk tolerance? How much "skin in the game" are we talking about? How much time do you have on your hands? How much do you care?

Our ecosystem isn't perfect, several commenters reminded me of this on

, including this great and elucidating comment from @techcoderx:

There is no one right answer to the question of "security". Just a bunch of trade-offs, and users who continue to learn, and grow - growth which naturally changes their analysis of the risks involved with each click on the internet.

Freedom and Friendship