
Be careful when using SteemConnect - call to busy.org for necessary changes!!!


rmz (46) | last year | Steemit | 4 min read



If you ever used @busy.org, @smartsteem, @dtube, @dmania or @utopian-io or any of the other third party applications, you have come into contact with SteemConnect.
Login once and every time you go back to the application it automatically knows who you are and logs you into the application.

First off, great tool

Let me start by saying I applaud the efforts of @busy.org in building this tool.
A well-working, properly designed tool, which all apps can use, will reduce the risk of everyone creating their own authentication package, and reduces the risks of badly written code and stolen keys.

However...

Now here we come to the crux of the matter. If you don't log out of the app you were using, the next time you visit it automatically sees who you are and logs in using your information. This is great: it saves the time of re-entering your password, and you don't need to know all these keys by heart, which is quite impossible.

But it is a hassle when you want to log in under another account.

Basically, you can't! If you choose "logout" and then "login", SteemConnect uses the last account used for this app, on this computer!
Unless you remove the cookies that SteemConnect saves, you're screwed and cannot change accounts. This has been mentioned in a few posts already, when people wanted to change accounts, but so far nothing has been done about this.

Not my problem

Do you care about this, if you only have one account? Probably not, nothing to see here, just keep walking.

But it IS your problem, or potentially, it can become your problem!

When was the last time you used a public computer, or the computer of a friend?
On vacation, do you only use your own computer or tablet, or do you also go onto public computers sometimes? Maybe to print boarding passes, and while I'm at it, let's see how my smartsteem is doing? Or do you want to upload that great holiday video on d.tube?

If you do, the next person to use that computer will have immediate access to this app with your data, and can do whatever they want with it. Maybe transfer all of your Steem and SBD to their own account, if for instance you've used busy.org on that computer, or place a post which will get you downvoted into oblivion? Even if you remembered to sign out of busy.org, the next person on that computer will still be automatically signed into YOUR account.

With the addition of applications running on the steem blockchain, and acceptance of SteemConnect, this problem will only grow, until we do reach a situation where someone loses their keys. The resulting blowback can be huge, especially since this problem is known.

Well, at least, with this post it is ;-)

I call upon @busy.org to make the appropriate changes to SteemConnect, so the cookie expires quickly, but also to remove the cookie when someone logs out of a program.

Make it so you can switch accounts and the risk of stolen keys is minimized.
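The two changes asked for above, a short cookie lifetime and removal of the cookie on logout, sketched as an added example (this is not SteemConnect's or Busy's code). The cookie name, the 15-minute lifetime and the in-memory session store are assumptions made for illustration.

```javascript
// Added illustration with hypothetical names; not SteemConnect's implementation.
const { randomBytes } = require('crypto');

const COOKIE_NAME = 'sso_session';     // hypothetical cookie name
const SESSION_TTL_SECONDS = 15 * 60;   // assumed short lifetime: 15 minutes
const sessions = new Map();            // token -> { account, expiresAt }

// Build a Set-Cookie header value. HttpOnly keeps page scripts away from the
// token, Secure restricts it to HTTPS, Max-Age bounds how long a browser
// (for example on a shared computer) keeps it.
function buildCookie(value, maxAgeSeconds) {
  return `${COOKIE_NAME}=${value}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Login: issue a random token that expires quickly on the server and in the browser.
function login(account, nowMs = Date.now()) {
  const token = randomBytes(32).toString('hex');
  sessions.set(token, { account, expiresAt: nowMs + SESSION_TTL_SECONDS * 1000 });
  return { token, setCookie: buildCookie(token, SESSION_TTL_SECONDS) };
}

// Resolve a presented token to an account; unknown or expired tokens give null,
// so an old cookie left behind in a browser stops working on its own.
function currentAccount(token, nowMs = Date.now()) {
  const session = sessions.get(token);
  if (!session) return null;
  if (nowMs >= session.expiresAt) {
    sessions.delete(token);
    return null;
  }
  return session.account;
}

// Logout: invalidate the session on the server AND tell the browser to delete
// the cookie (same name and path, Max-Age=0). Doing only one of the two leaves
// either a usable token or a stale cookie behind.
function logout(token) {
  sessions.delete(token);
  return { setCookie: buildCookie('', 0) };
}
```

With both halves in place, logging out of an app and logging in again starts from a clean state, so a different account can be chosen.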


Let's make this true again.

#UPDATE:
With thanks to @fitinfun, let me add the following: you can use an incognito (Google Chrome) or private (Firefox) window. This will not store the information, so nothing is left behind when you're done.
Do make sure that you have the appropriate keys with you (on paper).
You can open an incognito or private window by selecting the menu in the upper right-hand side of your browser (the three lines or three dots over each other) and selecting "New Private Window" or "New incognito window".
