Today we would like to introduce our innovative approach to securing user accounts. As far as we know, our solution is completely new in the cryptocurrency space and will raise the bar for security on all platforms. So before getting into our solution, lets give you some background on the nature of our security challenge.
Background
A recent post by @karnal talks about how no browser based wallet can ever be completely secure.
It is incredibly difficult for services like blockchain.info to keep user wallets secure and they have a major advantage over steemit: they do not display user-generated content. The mere act of displaying user generated content means we must filter said content for anything that could be reinterpreted by your browser as a request to send your passwords elsewhere. Filtering is very hard to perfect, something eventually gets through the cracks.
Recognizing what is Impossible
We recognize that it is impossible to prevent all browser side exploits. The reality is that there are too many factors that are completely outside the control of steemit. These factors include browser vulnerabilities, plugin vulnerabilities, phishing attacks, man-in-the-middle attacks, etc.
Some people suggest going to extreme measures such as hardware wallets and downloadable apps. The reality is that this approach to security is extremely costly and harmful to the user experience.
Steemit will do everything it can to give users the best possible options to secure their accounts. We also know that only 1% of users will actually use the best options. For most people, convenience trumps security.
I can put this into real world terms. It is impossible to prevent someone from breaking into your house. You could spend millions of dollars on the most advanced security systems and people can still break in. Not only that, every extra security measure adds inconvenience to your life and requires constant vigilance. Even a Nuclear power plant in Iran that was completely disconnected from the internet was hacked.
At some point the cost of preventing a break in is higher than the cost of recovering from a break in.
Attempting to do the impossible is bound to fail. Instead Steemit will take a new approach.
Recovering from Theft
You may not be able to keep thieves from breaking into your house, but at least you know you can get back in and change the locks. This is the approach that we are taking.
With Bitcoin and other cryptocurrencies a hacker breaks into your house and changes the locks. You are unable to get in without "hacking the hacker" and that is almost impossible for 99.999% of people to do.
With Steem all of this is going to change.
If your account gets stolen, then you will be able to work with Steemit, Inc (or someone else of your choosing) to recover your account. All you will need to do is have access to any key you used on your home in the past 30 days.
The thief got into your home because he got a copy of your key. From the blockchain's point of view there is no difference between you and the thief. From the outside world's point of view there is a huge difference.
In my previous post I challenged the concept that "Key is Law". I made the point that for blockchains to protect property rights they need to factor real identity rather than just evidence of identity. Your password (aka private key) is just evidence. It is not absolute proof. The mistake blockchains make is to assume that it is proof.
How it Works
When an account is hacked there are two or more competing claims of ownership because multiple parties may have access to the password. The blockchain simply needs a way to break the tie and pick one claim over another. This requires three things:
- Time
- Monitoring
- A trusted individual to vouch for you
Time
If there is no time period during which key changes can be challenged, then the first person to change the lock wins. The more time you have to respond, the less chance that someone will get away.
Monitoring
If you are not paying attention then all the time in the world will not be of use. You need to be notified every time the key changes on your house. This notification gives you the most time to find a trusted individual who will vouch for you.
A Trusted Individual
A trusted individual is someone who can identify you independently of your key. Steemit can identify users by their email, facebook, and reddit logins (if you signed up through us). You could also use your mother, wife, employer, or friend, or other 3rd party provider.
The Process
When you notice your account has been hacked you contact your account recovery partner (the trusted individual) and ask them to submit a request to change the locks on your account. They verify you by whatever means they find satisfactory and then submit a proposal to the blockchain to change the locks to the ones you gave them.
Once the promposal is submitted to the blockchain, you will have 24 hours to login with both your old and new keys (aka passwords). Any key you used within the past 30 days is sufficient. If you login in time, then the keys will be changed and the hacker will be locked out.
If you don't have a key that was used within the past 30 days, then your account will be unrecoverable.
Why it is Secure
This process is strictly more secure than what any cryptocurrency offers today. Your trusted account recovery partner does not have access to your account because they do not have access to any of your keys. This means that your account is secure unless you are hacked by your account recovery partner. Because you know who your account recovery partner is there is little chance they could hack you and get away with it.
What if your Recovery Partner is Hacked too?
In this case, they would simply appeal to their own account recovery partner. Once they recover their account, then they can work with you to recover your account. It is exponentially unlikely that the hacker can compromise all accounts in a very long chain of recovery partners.
Changing your Partner
At anytime the owner of an account can request a change to their recovery partner. After a 30 day wait (during which the change can be challenged), the recovery partner is updated. This means that if you buy an account from someone, then you can rest assured that they cannot take it back. It also means that if you don't like your current partner then you can change it. The recovery partner has no say over the process.
Selling / Transferring Accounts
Under this system it is still possible to transfer accounts. You must either notify your recovery partner of the change or change the recovery partner. Transfers can be instant if you both trust the recovery partner, or they can take 30 days if you don't trust the recovery partner.
Keeping the Horses in the Barn
When a thief breaks into your house he can still do a lot of damage while you are getting the locks changed. Any cash you have laying around can be taken. You may get your house back, but the cash is still long gone.
Enter Steem Power
90% or more of all wealth in Steem is held in the form of Steem Power. This means that even if the thief gets into your house, he must wait for the time-lock safe to unlock before he can get to your cash. As long as you get your account recovered before your account can power down (1 week) then 99% of your Steem Power will be safe.
Future Work
Now that we have a rock-solid account recovery process, we will add features for people to hold STEEM and Steem Dollars in time-locked "savings" accounts. These "savings" accounts would add a multi-day delay to any transfer request. If your account is hacked, then you will have a few days before your "savings" is at risk.
Conclusion
Steemit has created a solution to account security that is completely decentralized and based upon real-world identity rather than the poor substitute of a single private key. The entire social network collectively secures and identifies each other. It does all of this without introducing an increased level of trust nor requiring a centralized provider.
Under this model it should be completely unnecessary to hardfork in response to a hack. Any money that does get lost will be small amounts of liquid cash held outside of Steem Power or the time-locked savings accounts.
Due to these extra measures, Steemit can continue to provide a web-based interface even though keys will get stolen from time to time. What won't get stolen is account identity and that makes all the difference in the world.
In information security speak what Dan is talking about is incident response and disaster recovery. As long as the system you build has an ability to "self heal", which means to recover from attacks and develop immunity to future attacks which use the same methods, then you'll do fine. The attacker might be successful and in that event the system is resilient enough to heal and recover continuously from threats like an immune system.
Roaches for example are almost impossible to exterminate because they mutate so fast, reproduce so fast, and adapt to threats so fast. This indicates that roaches are incredibly resilient to attack because diversity and fast mutation provides collective security for the roach species. I wrote something about this in an article called Attack Tolerant Information Systems, and the point is you're never going to be able to prevent attacks but you want to build systems which tolerate being attacked and develop an artificial immune system of a sort.
That kind of solution may go beyond what Dan is talking about with Steemit so far but I thought I would mention it anyway for people interested in the state of the art in security.
Convenience vs security can be bypassed if you have good disaster recovery. Group owned accounts using multisig is the best idea. We can secure our accounts through our social networks of friends. If we are using Facebook then in the event of a compromise we can confirm on Facebook that it is us. Or we can simply use a PGP signed message which I also made a section for for on Steemit. If you know how to put up a PGP public key then I suggest you put one up in your blog just for Steemit.
Although, not completely related to the technical aspect of your post- I discovered a method of roach extermination on Amazon.com -which proved to be more effective than modern pesticides. Boric acid pellets worked more effectively because the roaches will crawl upon the pellets and often ingest the powder from the pellets as well.
Aftéwards, the roaches will transport the powder from the pellets back to the nests via its limbs. All of the roaches in the nest are exposed to the Boric acid residue introduced by the host. The host dies and all of the roaches in the nest as well.
Their ability to mutate and reproduce is cancelled within the nest environment. All other roaches -when exposed to the morbidity within the nest, will eventually flee the immediate area of infestation.
I believe modern manufacturers of pesticides discovered that boric acid was less profitable-because the roaches ceased to mutate, reproduce and develop the instinct necessary to evade attack.
Pleas check out this post I made about a steemit Bug the dev's should see this post so they can fix it. https://steemit.com/bug/@stijn/steemit-bug-needs-to-be-fixed
I commented in the wrong place sorry (edited)
this is incredibly interesting, thank you.
Pleas check out this post I made about a steemit Bug the dev's should see this post so they can fix it. https://steemit.com/bug/@stijn/steemit-bug-needs-to-be-fixed
https://finance.yahoo.com/news/darpa-grand-cyber-challenge-hacking-000000417.html
This sounds like a lot of the concepts developed by James D'Angelo. I hope he's being reward it!
I'm confused, are we able to use multi-sig on steemit yet?
I have no idea what you are all talking about but its interesting and I guess I have to learn how to lock my new steemit home ...Thanks for this @dan , you made my head very dizzy :)
Good lord! This makes me so insanely bullish on STEEM.
I think this can solve so much of the bad press and bad UX that have hindered adoption of crypto in general.
This solution is decentralized and can be applied to lots of other fields. Very similar to the way private law would operate in a Voluntaryist society.
The fact that STEEM has the vesting feature just makes it all that more robust.
So let me get this straight.. first you find a way to onboard non-crypto people into the crypto world.
Then you find a way to make POW non-ASICable (by posting, commenting and upvoting).
Then you figure out how to effectively peg a cryptocurrency to the USD.
Then you find a way to make transactions on a blockchain free.
Then you find a way to build a browser side open bazaar.
In fact pretty much everything is browser side for the masses to just type www. whatever and begin...
Now this genius free market solution to preventing theft!
Hat's off to you and your team...
As I said in one of my very first BitSharesTalk posts "Can we get a couple of full time security guards to guard this dude's house while he free's the world from tyranny?" haha!
Very innovative concept. As many of us know we can always expect fresh creative and ingenious ideas from team Larimer!
Guys this is brilliant. this is why i dont mind investing into this, the devs are just world class.
right on the money
When will we see in the GUI
what about transactions? when are they re-enabled?
what I'm currently missing:
mobile app
marketplace (in development)
escrow (in development)
messaging (in development for GUI)
down votes stake based. (do not hide posts for newbie dv's)
restrict accounts with less than 20 SP (eg 1 post per hour, commenting every 10 mins)
better wallet overview (example add a ticking $D interest counter, explain payouts)
add clickable links to history payout posts
add follower stream
add mute lists and make them follow-able via proxy
language filters
addthis.com sharing buttons
post stats / analytics
referral program
a blog page where the user can decide which posts to show
night mode theme
ipfs images integration
There should be a mobile app for sure. User experience can be so much better.
They are working on it - heard it in a youtube interview with one of their devs
completly agree with you
Good list of future improvements.
This post is only about the technology being deployed in the hardfork taking place in 24 minutes. We are working to improve the web interface to take advantage of these features.
Yeah this is why Steemit is going to be successful compared to these other complicated cryptos that most people in the world would be confused/possibly scared by..
I believe in STEEM all the way which is why I'm holding out for my helicopter and island.. I tried to inspire people in a post I did yesterday called What sounds better.. a new car or a yacht?
Check it out and let me know what ya think :D
https://steemit.com/investment/@stealthtrader/what-sounds-better-a-new-car-or-a-yacht
My account was hacked and I did not receive any support via email from steemit support. They did not do what they presented.
Dan, it may be a good idea to state the timeframe for this recovery process to be fulling implemented and in effect as some folks me immediately become more relaxed on security, misunderstanding that the procedures and protocols are not yet in effect.
All I can say is that our developers are working around the clock to get this out as soon as possible.
The necessary blockchain level features are now in place. The web interface to enable the use of these features to recover accounts is half done and will be deployed as soon as it is ready. We wish to make the experience as smooth and seamless as possible to recover your accounts.
Thank you and please take your time. I am sure we can all wait for a solid implementation, rather something done under the pressure to rush out with!
Thank you and your team for all you're doing as far as security. It really says a lot about your commitment and responsiveness to the community needs... We're all grateful for the project overall Great Work!!!!
This is amazing, ground breaking is the right word, and the idea of a security parter goes hand in hand with steemit being a social network platform. This is also easy for the average person to adapt, no technical savvyness required.
There is a concept called "Social Networks as Contract Enforcement" in academic literature. Not only can you provide security in this instance but you can possibly do loans and other things which require trust. So for goods and services I think Steemit can expand into that too and compete with the likes of Open Bazaar with an edge.
Open Bazaar you say.. when the steem dollar marketplace launches, you wont be saying "Open Bazaar" anymore
How do we go about chosing a partner?!
by default all accounts have the account creator (steemit) as the partner. If you are an advanced user and pay to create a new account, you will be the partner on the new account by default.
We will provide an interface in the wallet as soon as possible. Please understand that interface work takes much longer than backend work.
Thank you for taking the time to answer our questions. You guys are under a lot of stress and pressure and, I imagine, lack of sleep. We appreciate you and please take the time to do it right. thanks.
I'd like to know how we choose a partner also?
@dan, this is remarkable. I haven't read through all the comments yet, but here is my biggest concern:
If a thief gains access to my account and powers-down to try to steal my SP, is that power-down request still set in stone when I recover the account? I.e., even if all my wealth is held in SP, it seems like a thief can effectively destroy my account by powering-down. True, he won't get any of the steam points, but now all of a sudden I don't have any SP because they're powering down for the next 2 years.
My question may actually not be relevant, depending on the answer to my earlier question about the timing of power-down.
from what i see. power down can be canceled at anytime. after 1week or 10. So that's not worrying. Also, if this will work, you'll have access back to your account in a day not 2 years, as much as i understand it at this point!
You can cancel power down.
And there it is. Thanks!
I hope the problem can be resolved properly, thanks to this notice and it was very important, waiting for good news my brother @blackjincrypto account being compromised, hopefully it can be re-accessed
hi
Sounds good!!!!!!!!
That you guys have been able to think through and so quickly deploy this in the midst of everything else is damn impressive. Great job to all!
Hello! I would like to get your opinion on this. Thank you! https://steemit.com/steem/@acidsun/banners-for-steemit-community
Thank you for this.
I agree with @dan on how any high-tech approach to the "impossible" 100% account/wallet security, will inevitably hurt user experience.
I think for now, the proposed method above will suffice, if we find other methods in the future that can improve on this, then why not?
Thank you again for being vigilant on this front. Security should always be one of our top priority. ANYWHERE. -east
Thank you for this article and the expalanation. Very impressed how you keep learning from challenges and keep blockchains improving.
Very nice work, this is truly an awesome addition and creates a new standard and sets the bar for all other cryptos.
I AGREE! Thank you for posting. Hope you get this to snowball to the top!
I up-voted you too... BTW, should steemit let us steemers advertise using steem? Be sure to tell everyone you know to come vote here at: https://steemit.com/steemit/@kingtylervvs/if-steemit-ever-does-decide-to-advertise-there-is-only-1-way-it-could-work-in-my-opinion-debate
This is a democratic community decision.
One of the important things here is to maintain honesty . Vote for posts and comments that are really good, or similar to your personal preferences. Many strategies made just for making money, are destined to fail, probably work a while but the community will go towards equilibrium.
The best strategy is generate value and find good posts or comments before the rest.
Great post!
All of these attacks and FUD being spread across the web have me even more interested in steemit. We have got the attention of some powerful people and they are not happy. I myself started to doubt the power of this thing, but I am seeing the light.
Keep up the great work dan and crew.
Go dan...go dan
Good news!
BTW, I've been heard that there is gonna be a russian analog of Steemit soon. What about source code, is it open? What is the license?
I suggest you create 2 accounts and become your own trusted 3rd party. That account you don't use unless your keys are stolen. Trustless!
great idea. multisig same too.
This add an incentive to power up. One should not hold Steem in his account for security reason. Great solution @Dan
everyone should power up...
You can apply time-lock to your liquid steem/steem dollar in your wallet as well.
that is a future proposal, not currently implemented.
what does time lock do?
This is perfect, amazing progress in development. Especially considering how the problems came to light with the attack just a few short days ago. You guys are putting on a crash cource in the perfect way to begin a crypto project. Transparency, skills and most importantly excellent solutions to problems with real results. Bravo!
👍great post @dan,this is very important information...
It seems to me the most important part of this will be to create a long chain of recovery partners. I like that thoughts coming out of this as they seem pretty foolproof. I'm also super curious about the time locked savings account.
Well this is a relief considering i'm living off steem currency alone for 30 days.
https://steemit.com/steemit/@ma3/i-m-going-to-live-off-only-steem-for-30-days-and-see-how-it-goes-advice
This is great! I suppose the hack was a wake up call of sorts to implement better security measures and features. Hopefully you will be implementing some changes to the web interface soon to make things a bit easier for all the users of the platform. But cheers on this ground breaking solutions for everyone on the platform!
Good system of restoration. You are good fellows!!!
Хорошая система востановления. Вы молодцы!!!
@Dan I read this 3 times and still confused on how this works sir.
Excellent. Way to be on top of things. Big Big VOTE UP!!
The STEEM team is a big part why this will more then succeed.
Thank you very much for the continued transparency and updates, @dan .
I am very interested in seeing how you approach security - it is an innovative, and in my eyes ingenious, approach, which seamlessly addresses one of the core challenges when it comes to security: the user. I very much appreciate how you wish to enhance the user experience whilst keeping it as convenient and easy as possible to ensure proper security for as many users as possible. Kudos.
Excellent article another feature that could be added is for people to hold STEEM and Steem Dollars in partner-locked "savings" accounts. These "savings" accounts could add a "trusted partner ID verification" (or multiple partner ID verifications ) to any transfer request. This would make near instant withdrawals possible with no need for a time delay. Beneficial for those needing liquidity at all times.
This could be implemented by submitting the phone numbers of " trusted partners " who could submit the verification along with a code from googles "authentication app" on their phone/s.
I love Lastpass with hardware 2FA yubikey with NFC for mobile. 100+ character passwords are no problem.
Hi @dan. I'm quite new to this and not very tech savvy. While I think it's great that you're making account recovery easy I wonder if you could further consider the user experience. So far, making the system more secure has also made it more complicated for less techy people and I'm finding that people I know who have signed up don't ever want to even try logging in again. Here are some comments from friends that I had sign up.
I've written a post here which proposes a possible solution.
I wonder if you or Ned have considered it already.
My brothers post suggests that SteemIt.com needs to support the U2F protocol in order to allow users to secure their accounts with an actual physical key (like a USB) that the account holder uses to plug into the computer when logging in.
I'd love if you'd consider it
This looks very promising compared to other security implementations platforms are taking and a complete rethink is needed, keep up the good work dan
This was a team effort. I am very grateful for the all the developers who have been working 18 hr days this week to enable this innovation.
good tutorial there needs to be a place where you can find them all at one place
Congratulations, is a great post!
Do you like it?:
My God STEEM
https://steemit.com/steemit/@decryptson/in-wake-of-steemit-hack-important
Great and very solid concept! I truly believe that next project, which can solve Identity-based problem (blockchain powered, obviously) will be next big thing. Huuuge thing!
You guys keep on surprising us!! One after the other innovative ways to deal with things. That's why Steemit is growing so fast and it deserves too!! Where else do you see groundbreaking solutions to different things all in one place!
I cannot thank you enough @ned and @dan for all the work that you put in and others as well who work countless hours to ensure the success of this platform. Really grateful to have come here. I am going to bring more people in so they too can experience the awesomeness that is Steemit.
Fantastic solution!
These kinds of innovative & practical solutions from the Steemit team give me incredible confidence in the platform. It's hard to maintain the balance of user-experience and security and this is a creative & elegant solution!
Steemit forever! :)
I love the sheer amount time, planning, and future penetrability issue prevention that not only the Steemit Devs themselves put into their work,
but that the community itself adds onto and in turn creates a community
where we don't just feel like we as individuals, with our singular voices,
can have a positive impact, but where we actually see how often that
actually occurs.
This (Steemit) is an absolutely remarkable breakthrough in every aspect of
social media/interaction, cryptocurrencies, and technology as a whole.
Signed,obfuscate-meBeing in the risk management field, these extra safety features give me a lot more comfort as a user. I reflect this off of Facebook, which will sell your information to the highest bidder and delete and ban certain speech. I see a change coming, ans Steemit is placing themselves in a position to take that market share.