I am no security expert, though there is a simple step that Steemit can take right away so as to reduce users' accounts exposure. The same solution we have applied on Wordpress installations some years ago when faced with extraordinary number of attacks. It should be allowed to users to choose the nickname under which they will publish their posts, using their usernames just for signing in. This way a potential attacker will have to also steal the username, before trying brute force. In that case the prompt after wrong credentials are introduced should not give any clue of where the problem is, username or password.
| author | skriptroid |
|---|---|
| permlink | about-security-on-steemit |
| category | steemit |
| json_metadata | {"tags":["steemit","security"]} |
| created | 2016-07-17 18:34:48 |
| last_update | 2016-07-17 18:34:48 |
| depth | 0 |
| children | 0 |
| last_payout | 2016-08-17 18:34:48 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.000 HBD |
| curator_payout_value | 0.000 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 623 |
| author_reputation | 563,630,330,217 |
| root_title | "About security on steemit" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 150,119 |
| net_rshares | 1,169,143,520 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| skriptroid | 0 | 1,169,143,520 | 100% |
hiveblocks