In another post, the founder of the @TeamVN community and bot discussed trust in terms of password sharing for online community administration. In the comment section, he responded that many users “still use their master password instead of their posting key which is a security issue which is something non-tech people don’t understand yet.” I am here to say I am one of the non-tech people. But I think there is more. Please note that I don't have the expertise to judge the system. This is how I feel about things and my interpretation of it.
When you first sign up for steemit, you receive a master password, a posting password, an active password, an owner password, and a memo password. Within the posting password, you have to click to “show private key” of the posting password. For the active key, you have to “login to show”, for which I assume you use the master password. So in essence, you’re getting a total of 7 randomly generated passwords that have different usages.
I understand the security risk of using the wrong password for the wrong reason. That if my password gets into the wrong hands, the perpetrator can take over my account, clear out my steem balance, and I would have no way of recovering it because this is a public blockchain. Theoretically that sounds really motivating to understand which of the passwords to use and which one to lock down in a safe. However, it doesn’t fluidly correspond with how I go about my day posting on the steemit blockchain.
First of all, there are 7 passwords whose usages I have to differentiate. That’s a lot of passwords. It seems quite convenient to use the one that works for all functions. What exactly is the function of the memo password anyway?
Secondly, these passwords are randomly generated characters. So I can’t ever remember them. I have to save them somewhere to be able to access them. So what do I do? I put them in my online email inbox so that I can copy and paste them as I need them. I also save a copy in my iPhone notes app. I am sure that is what the developers of steemit would want its users to do. I work on different machines throughout the day. So I want easy access to them. So I probably broke the cardinal rule of "Don't" in putting passwords on a potentially hack-able site. In addition, I perform multiple functions on the site during the day, sometimes more than others. My primary activity on the site is posting, but I also transfer funds between accounts and other users as well as collect funds that are deposited from posting and curation activities (by the way, why can't these automatically be added to the balance? Why do the developers make us claim the funds? It doesn't seem convenient at all.)
Thirdly, I think as additional services are added and different sites hook up to the blockchain, this will get even more confusing. I use busy.org, esteem, tasteem, smartsteem, and a host of other services that require a password login. I think I found a combination that works. But in the back of my mind, I am always thinking what if today is the day that I posted the wrong password to the wrong site.
Steemit expert users often share with me links to understanding the steemit password differences such as this one. For many early adopters learning about the steem and steemit community, this is part of the learning process. They're comfortable with the nuances. As we think about mainstream users, that's a huge hurdle for them to jump to adopt the technology. I believe many will not make that leap and use the password system as it is intended in its current iteration.
In conclusion, I think that the password module in steemit is confusing to non-technical users such as myself. I hope that as the community becomes more developed and new users come on board, we think about it differently. Who knows, maybe in eighteen months, someone will think of a brilliant way to solve this issue. For now, I'm probably playing with fire.