When I recover my account, I can not protect my STEEM #117

Open
ayogom opened this issue Feb 24, 2019 · 4 comments

Comments

@ayogom

ayogom commented Feb 24, 2019

If I use the account recovery feature and do an account recovery, only the master key and the owner key are changed. The previous Active key from before the recovery is retained.
If the password could be changed immediately after recovery, the problem would be solved, but passwords cannot be changed until 1 hour after recovery (because I have already changed it when I recover). This means that my STEEM could be seized through the old Active key that was leaked within this hour.

Therefore, I think that the password of the account should be changeable immediately after the account recovery, or that all keys, including the active key / posting key, must be recovered at the same time.

@Gandalf-the-Grey

When you are in this situation (someone has your current owner key), it's most likely already too late to save your liquid funds.

@ayogom
Author

ayogom commented Mar 26, 2019

> When you are in this situation (someone has your current owner key), it's most likely already too late to save your liquid funds.

I agree with your opinion, but wouldn't it be nice if you could keep a little bit of your own property?

@steemdevelopment

Keep your liquid funds in savings. It might take 3 days, but it gives you 3 days to act.

@mvandeberg

Only the owner authority has a limit of being changed once an hour. There is nothing preventing you from changing your active auth immediately after recovering the account. I think what is happening here is that master passwords change all three auths, and the process of changing your password requires changing the owner auth. Instead, the Steem wallet should recover the account (changing the owner auth) and in the same transaction change the active and posting auths to match the new master password. These changes would be done entirely client side and require no changes to blockchain code. Moving this to the wallet repo to re-evaluate that entire process to ensure it is as secure as can be.

@mvandeberg mvandeberg transferred this issue from steemit/steem Nov 19, 2019
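
The single-transaction recovery proposed in the last comment, sketched as an added example (not code from the Steem wallet or from any commenter). It pairs a `recover_account` operation with an `account_update` and checks which roles would still accept a pre-recovery key. The function names, the account name and the placeholder key strings are assumptions; key derivation, signing and broadcasting are left out.

```javascript
// Added example: operation shapes follow Steem's recover_account and
// account_update operations. All names and keys below are hypothetical.
const ROLES = ['owner', 'active', 'posting'];

// Single-key authority with threshold 1.
const keyAuthority = (pubKey) =>
  ({ weight_threshold: 1, account_auths: [], key_auths: [[pubKey, 1]] });

// Operations for ONE transaction: recover the owner authority and rotate
// active, posting and memo to keys derived from the new master password.
function buildRecoveryOps(account, recentOwnerKey, newKeys, jsonMetadata) {
  return [
    ['recover_account', {
      account_to_recover: account,
      new_owner_authority: keyAuthority(newKeys.owner),
      recent_owner_authority: keyAuthority(recentOwnerKey),
      extensions: [],
    }],
    ['account_update', {
      account,
      active: keyAuthority(newKeys.active),
      posting: keyAuthority(newKeys.posting),
      memo_key: newKeys.memo,
      json_metadata: jsonMetadata, // pass the account's existing metadata
    }],
  ];
}

// Roles that would still accept a pre-recovery key once `ops` are applied.
// Only key_auths are compared; account_auths are ignored in this sketch.
function staleRoles(before, ops) {
  const after = { ...before };
  for (const [name, op] of ops) {
    if (name === 'recover_account') after.owner = op.new_owner_authority;
    if (name === 'account_update') {
      for (const role of ROLES) if (op[role]) after[role] = op[role];
    }
  }
  return ROLES.filter((role) => {
    const oldKeys = new Set(before[role].key_auths.map(([k]) => k));
    return after[role].key_auths.some(([k]) => oldKeys.has(k));
  });
}

// Constructed pre-recovery state and placeholder key strings (not real keys).
const before = { owner: keyAuthority('STM_PRE_OWNER'),
  active: keyAuthority('STM_PRE_ACTIVE'), posting: keyAuthority('STM_PRE_POSTING') };
const newKeys = { owner: 'STM_NEW_OWNER', active: 'STM_NEW_ACTIVE',
  posting: 'STM_NEW_POSTING', memo: 'STM_NEW_MEMO' };
const ops = buildRecoveryOps('alice', 'STM_RECENT_OWNER', newKeys, '{}');
```

`staleRoles(before, ops.slice(0, 1))` models the recovery-only behaviour reported in this issue, and `staleRoles(before, ops)` models the combined transaction.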