Just gonna throw this out there and it should be obvious to anyone who's been in the crypto world for more than a few days -- the Steemit website absolutely needs a two-factor authentication (2FA) method.
Two-factor authentication, for those who don't know what that means, is just an added layer of security that confirms your identity, generally via smartphone. If you have no idea what 2FA is, you've probably done it before when a company sends you a text message with a number to respond with or type into a login field.
### There are some excellent apps for two-factor authentication:
- Authy
- Duo
- Google Authenticator
- Clef (my personal favorite)
What does this require? During setup you snap a picture of a randomly generated QR code (or enter the string of characters that the QR code represents). This code is a seed that generates a 6-digit number every 30 seconds (typically), which is used to confirm you are who you say you are.
In layman's terms, both sides of the equation have the same number generation going on from the same seed, so each side can confirm that the other is who they say they are, thus eliminating some serious attack vectors.
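
The mechanism described above, as an added example that is not part of the original post or Steemit's code: a Python sketch of the standard time-based one-time password algorithm (TOTP, RFC 6238) used by apps such as Google Authenticator. The seed is the RFC's published test key, and the `Verifier` class with its drift window and replay check is a hypothetical server-side design assumed for illustration.

```python
import base64, hashlib, hmac, struct, time

# Constructed sample seed: the published RFC 6238 test key, base32-encoded the
# way a setup QR code carries it. A real seed is random and unique per account.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, at=None, step=30, digits=6):
    """Code for the `step`-second window containing Unix time `at` (HMAC-SHA1)."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server-side check: tolerates clock drift, rejects reuse."""
    def __init__(self, secret_b32, step=30, drift=1):
        self.secret, self.step, self.drift = secret_b32, step, drift
        self.last_counter = -1                   # newest window already accepted

    def verify(self, code, at=None):
        now = time.time() if at is None else at
        current = int(now // self.step)
        for c in range(current - self.drift, current + self.drift + 1):
            if c <= self.last_counter:
                continue                         # window already used: replay
            expected = totp(self.secret, c * self.step, self.step)
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                self.last_counter = c
                return True
        return False

if __name__ == "__main__":
    phone_code = totp(SECRET)                    # what the authenticator app shows
    server = Verifier(SECRET)
    print(phone_code, server.verify(phone_code)) # accepted once
    print(server.verify(phone_code))             # same code again is rejected
```

Both sides only ever exchange the short code, never the seed, and a code that has been accepted once is refused if it is submitted again within its 30-second window.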
This is extremely important when a website is dealing with actual funds. Any legit exchange all but requires 2FA for your account. When there are considerable amounts of money or value on an open website, getting your account hacked is more a question of 'when', not 'if'.