Hate putting private keys into websites? Introducing Steem Keychain!

avatar

One thing that has bothered me since I started using Steem over a year ago, is that every single web app requires you to enter your private key into the website to use it.

The common response to that is that it's not a big deal because most sites only require your posting key, but I disagree. Sure you and I may know how to use our posting key but I'm guessing that a vast majority of Steem users just use their master password.

As a blockchain platform trying to cater more to the general public I don't think it's ok to put the burden of understanding the different keys and levels of security on the users. The tools and services should be built such that security is the default.

Additionally, most web apps built on Steem use Steem Connect, which requires you to put your active key into their website and then uses that to grant posting authority on your account to an account they control.

What I commonly hear regarding steemit.com or Steem Connect is that it's ok to put your active key into those sites because they are run by Steemit, Inc. Even if I were to fully trust Steemit, Inc not to purposely steal my keys, anyone can be hacked. If the servers hosting steemit.com or Steem Connect were hacked, I expect that thousands of keys would be stolen, and accounts would be emptied of liquid funds, within a very short period of time.

The last, and final option, is to use the Vessel desktop wallet software. This is actually a great option from a security standpoint, but from an ease of use standpoint it's not great, and I find it very unlikely that all but a small group of power users will use it.

So, for a long time I just accepted that that's the way Steem is, until one day when I actually used an Ethereum dApp. Despite it being slow and costing fees, I noticed that at no point did I have to enter my wallet private key into the website. The website simply called the Metamask browser extension to sign and broadcast the transactions for it.

Once I realized this, I couldn't understand why on earth there wasn't something like Metamask for Steem. Not only would it completely resolve the issue of having to put private keys into websites, but there's also so much more you could do with it on Steem than on Ethereum (seeing as Steem is specifically built for websites to interact with it).

At this point I was already knee deep in Steem Monsters, but I felt that this was an absolute necessity for the Steem platform so I talked about it with @aggroed. He agreed that this was an important project and wanted to help make it reality. Since I didn't have time to build it myself, we decided that Steem Monsters should fund its development.

So Aggroed and I got to work writing up specs for the extension, what features it should have, creating wireframe designs, etc. Then we got the amazing @nateaguila to do the graphics and UI design, and finally got Mr. Steem Plus himself, @stoodkev to do the bulk of the development.

Introducing the Steem Keychain Chrome Browser Extension

Finally, the Steem Keychain Chrome browser extension was born! I have been using it actively while it has been in development for the last couple of months, along with Aggroed and some other people we brought in to help test it, and I can say with some certainty that this will change the way you interact on the Steem blockchain.

Take a look at the following video to see what I mean:

Using the extension I was able to easily view info and make transactions from multiple accounts, and interact with the Steem Monsters web app without ever compromising any of my keys!

Currently Steem Monsters and Peak Monsters support the Steem Keychain extension, and Steem Peak is working on adding support as well. My hope is that one day all Steem-based sites, dare I say even steemit.com, will support the extension as well, and the days of putting keys into websites will be over.

Current Features

The Steem Keychain extension currently includes the following features:

  • Store an unlimited number of Steem account keys, encrypted with AES
  • Easily view balances, transaction history, voting mana, and resource credits for all of your accounts
  • Send STEEM and SBD transfers right from the extension
  • Securely interact with Steem-based websites that have integrated with Steem Keychain
  • Manage transaction confirmation preferences by account and by website
  • Manage automatic lock settings to lock when the browser is closed, the device is locked, or after the browser is idle for a specified period of time

Website Integration Features

Websites can currently request the Steem Keychain extension to perform the following functions / broadcast operations (note that by default, users will have to confirm any transactions requested by a website, but they have the option to turn off the confirmations for specific operations and websites as desired):

  • Send a handshake to make sure the extension is installed and running
  • Decrypt a message encrypted by a Steem account private key (commonly used for "logging in")
  • Post a comment (top level or reply) including a "comment_options" transaction for beneficiaries
  • Broadcast a vote
  • Broadcast a custom JSON operation
  • Send a transfer
  • Broadcast a delegation operation

New Features Coming Soon™

  • Power up / down
  • Manage delegations
  • Manage witness votes
  • Claim pending reward balances
  • Support for Firefox and other browsers

Integrating with Steem Keychain

The code for the extension is all open source and available on Github here: https://github.com/MattyIce/steem-keychain

The readme contains instructions for Steem-based websites to integrate with the extension. If you need any help or have any questions / suggestions for integrating Steem Keychain into your site, please feel free to contact @yabapmatt or @stoodkev on Discord.

The Broader Mission

As you probably know, @aggroed, @stoodkev, and myself are Steem Witnesses. I can only speak for myself here, but I suspect that both @aggroed and @stoodkev have very similar thoughts and goals.

Beyond the standard work that witnesses are expected to do (which was brought into the forefront recently with the HF20 release), I think that each witness should have an overall goal, or mission, for the future of the Steem blockchain that they are primarily working towards.

For me, that mission is bringing more and varied apps to the Steem blockchain. I plan to go into this in more detail in my next witness update post, for which I am long overdue, but I am mentioning it here because I feel that the Steem Keychain extension is a critical component to that mission.

I am talking with some Ethereum app developers who are considering porting their apps to Steem, and they told me that almost all of their users use Metamask to interact with their apps and they were surprised to hear that Steem doesn't have something similar. Well now it does.

If you also support this mission, I ask that you consider voting for myself, @aggroed, and @stoodkev as Steem witness (and also support @nateaguila's posts as he is a talented and valuable contributor to this project and the Steem platform as a whole).

In Conclusion

Please keep in mind that this is a first version of a brand new product. There will likely be some bugs or other issues that we didn't catch during testing. We welcome help and constructive feedback from the community to improve the product and work to achieve the stated goal of completely eliminating the need to put private keys into websites.

In case you missed it, here is the direct link to download and install the extension in Chrome: https://chrome.google.com/webstore/detail/steem-keychain/lkcjlnjfpbikmcmbachjpdbijejflpcm We would also appreciate you taking the time to rate the app in the Chrome web store to help increase its visibility in searches.

Be free and Steem on!
@yabapmatt



0
0
0.000
261 comments
avatar

Wow this is nothing short of revolutionary for the blockchain! Hopefully we see integration happen with a lot of sites!

0
0
0.000
avatar

Wow, who wouldn't wana try this out? Its an exciting introduction to the steemjet blochain to me and I bet that in no time a lot of people would embrace this.

As for the bugs, they should ve expected. But from the feed backs u would be getting from the users, you Wil be able to fix them all in no time.

Keep it up boss...

0
0
0.000
avatar

Man this is awesome and very much needed. I hate giving out my password. With all the security leaks across social network sites one can never be too careful.

Thanks for your teams hard work and its nice to see some of the profits of steem monsters going back into the steemit/steem ecosystem.

0
0
0.000
avatar

This is what I find so lovely about this. They earn and then make an effort to make the platform grow. Not like others that just line their pockets and isolate themselves in their little moneyhuts.

Posted using Partiko Android

0
0
0.000
avatar
(Edited)

Thanks for posting this. You have received a Preemptive Strike by one of our simulcasters, @johnspalding.

Preemptive Pile.png

This post will be featured on our next LIVE broadcast. Typically we broadcast on Tuesdays at 9:30pm EST on the @vimm streaming platform. Check it out and come online if you are available.

0
0
0.000
avatar

I've been using metemask for eth for over a year... I'm applauding right now, this is just fantastic... I'm going to download this right now and maybe even write some thoughts on it too... Thank you Matt for busting your butt to make this blockchain a better place .. and thank you Aggy for your contributions

Posted using Partiko Android

0
0
0.000
avatar

Amazing, this is just a passage to steem and every other dapps built on it. It is handful and a secure means to hide your passwords from countless number of website requesting for it.
Thanks to the team on this.
Resteemed!

0
0
0.000
avatar

Excellent. hardworking for the benefits of community. really an excellent group. thank you all.

0
0
0.000
avatar
(Edited)

Great work yabapmatt and Stoodkev. I'd love to implement this in some way with our DTUBE uploader.

0
0
0.000
avatar

Can't wait for this to come to firefox

0
0
0.000
avatar

I've been using it for a month now, and it's made the experience so much more streamlined and enjoyable. The extra peace of mind is incredible too.
Huge shoutout to the devs on this. Highly recommend.

0
0
0.000
avatar

Can you use this with Steemit already? And Busy?

Posted using Partiko Android

0
0
0.000
avatar

No, not yet, but I know a lot of dapps will be interested. Peakmonsters and Steemmonsters are the only ones I know of so far.

0
0
0.000
avatar

I have been using keychain for the past couple days and it is awesome

0
0
0.000
avatar
(Edited)

We look forward to implementing keychain on https://steempeak.com we are big believers in it.

PEAKMONSTERS USAGE
Our partner site https://peakmonsters.com has already been using Keychain for over a month now and it's been a raging success. Specially with people who buy cards frequently it makes it much easier and we believe much safer. (unless you often walk away from your laptop in public places)

0
0
0.000
avatar

I just reviewed @steempeak in detail and really loved it. Someone really put a lot of effort in this project but it still seems undervalued. It would be really nice addition if you add this keychain on it and thus give users almost a perfect experience. Good luck!

0
0
0.000
avatar

Steempeak is really becoming the most dynamic STEEM UI out there, power on!

@jongolson, if you catch this, please consider mentioning Steempeak in a Savvy if you haven't already (I have not unlocked all videos yet -- which is another issue for testing, but more on that later).

0
0
0.000
avatar

for sure. it’s planned absolutely. i just don’t have a working knowledge of it yet. but will be diving in much more. thanks for the recommendation

Posted using Partiko iOS

0
0
0.000
avatar

Why Steem UI? I can't use normal Steem from there. Though the cards are based on Steem. 🤔

Posted using Partiko Android

0
0
0.000
avatar

Ah, perhaps you're confusing peakmonsters.com with steempeak.com itself? Steempeak is used for blogging. The most dynamic STEEM UI "for blogging" is what I should have said :)

0
0
0.000
avatar

great news!

0
0
0.000
avatar

This is one of these things that you never think about and then don't want to miss it as soon as you start using it. Awesome work!

0
0
0.000
avatar

Wow great idea, Thank You for sharing this to us!

0
0
0.000
avatar

This sounds fantastic. I will surely install the extension and use it. Am sure it would be pretty secure.

Posted using Partiko Android

0
0
0.000
avatar

This is awesome! Thanks for adding value to the STEEM blockchain and better security for my money. I will start using this immediately.

0
0
0.000
avatar

Freakin Sweet dude!! Nice, clean and navigatable GUI. Shucks Yeah!
You be steady producind killer tools and utilities.

Thank you for your time.

0
0
0.000
avatar

This is truly amazing and great step towards better UX. SteemConnect v2 was already much better than SCv1, but your Chrome extension is a whole new dimension!

Thank you!

0
0
0.000
avatar

To listen to the audio version of this article click on the play image.

Brought to you by @tts. If you find it useful please consider upvoting this reply.

0
0
0.000
avatar

This is rad, Matt. Keep up the awesome work!

0
0
0.000
avatar

Wow, this is incredible. You may or may not believe this, but I was looking for a better solution for entering keys just yesterday, it's almost like you read my mind! But as you said, it's a common concern for everyone!

I'm not sure if this is possible as I'm not the best at technology lol, but would there be a way to integrate a maximum amount for transfers per day given the key that you entered? I'm not sure if that's something that has to be integrated on the private key level or not, but it would be cool if you could set some sort of limit in case of unwanted use/access.

Thank you for doing this!

0
0
0.000
avatar

For someone who's not the best at technology, you can sure build a team.

0
0
0.000
avatar

haha! Yeah, I've spent hours and hours playing SM and studying the abilities and playing matches to figure that stuff out!!! Thanks ;)

0
0
0.000
avatar
(Edited)

Hi, I wrote a post a week or so ago on how losing between 0-100% of curation rewards to the pool when you upvote a comment within the 15 minute window is an annoyance if you want to upvote comments in a live comment thread. Very often, I write something and get a reply back almost immediately (or in a time much, much shorter than 15 minutes). I'm big on monetizing engagement. But under the current rules, my upvoting immediately means my rewards go back to the pool instead of my conversation partner. That sucks but is easily remedied with 15 minute or so delay in broadcasting upvotes on a comment. Too often I forget to come back to upvote comments in conversations that I've had. It's also annoying to to have to wait and go back to a conversation to upvote. It's even more annoying to effectively lose part of your SP by upvoting immediately.

If websites are to integrate the Steem Keychain in such a way as to have it not only sign transactions but broadcast them on their behalf, I wonder if it would be a good idea to implement an optional 15-minute delay on Steem Keychain?

0
0
0.000
avatar

Wow so immediately upvoting a comment is essentially nothing but a waste of voting power?

Seems like a great UI feature would then be to have a time slider on the upvote menu in addition to the power slider. Therefore, I could upvote at 55% power in 13 minutes.

0
0
0.000
avatar
(Edited)

It's a waste of curation rewards. Let's say you exchange comments with someone and upvote each other's comments immediately. Before HF20, neither of you would get curation rewards for the comments because the author (your conversation partner) would get them. Now the curation rewards go back to the pool. Neither you nor your conversation partner get any curation rewards. Easily fixed with no hardfork by delaying the broadcasting of the upvote by 15 minutes, in which case the upvoter gets all the curation rewards.

0
0
0.000
avatar

Seems strange to implement that, dunno why you want people to burn things for voting too early. Is this explained somewhere?

Posted using Partiko Android

0
0
0.000
avatar

Before HF20, many authors would upvote their own posts immediately in order to minimize the curators' cut. Now that curation rewards from early upvoting go back to the pool instead of the author, immediate self-upvoting has become a loss-making strategy.

Posted using Partiko Android

0
0
0.000
avatar

Hmm, I now vote at 12min because most of the votes start coming at 13min. Am I breaking something? 😭

Posted using Partiko Android

0
0
0.000
avatar

It's only the curation reward portion that gets burned (max 25% of the vote value if the vote is immediate). The other 75% still goes to the author as intended.

0
0
0.000
avatar

Will we be able to do custom transactions directly from the extension? I want do operations without middlemen. Steem-plus takes 5% mandatory beneficiaries if you launch beneficiaries from their extension. I want to create a more flexible tool but if you're doing it in your extension I can calm down about that.

Posted using Partiko Android

0
0
0.000
avatar

Matt this is awesome! You all did a terrific job and I love how you identified a problem and found a solution (especially when it comes to making it easier for the less complex people like me)... That is the kind of mind we need to add to all problems here on Steemit, and its exactly why I vote for you as a witness. You care about our experience and it shows in everything you do!!!

0
0
0.000
avatar

Finally publicly released :)
That's an awesome tool guys!

I can see in the source code that the tool is tied to https://api.steemit.com, are you guys planning on adding a way to plug it into the testnets and more generally to the other full nodes? (like metamask, a simple dropdown list)

0
0
0.000
avatar

Ah yes, I totally forgot to add that in the list of future features. Definitely want to allow users to choose the node it connects to. Also want to add support for additional tokens and sidechains which i've heard some awesome developers are working on :-P

0
0
0.000
avatar

Do you think they hold our keys on their servers without any encryption? That would actually be kind of sad.

Best Regards,
Mysteor Team

0
0
0.000
avatar

No they absolutely do not keep the keys on their servers at all (or they shouldn't). All operations are signed in the browser, however that does not mean there are no ways that the keys could be stolen if the servers hosting the site were hacked.

0
0
0.000
avatar

It is really risky to share your posting key.Is there any other way @yabapmatt to avoid it from sharing?

0
0
0.000
avatar

Another day, another fantastic development here. :) This makes life so much easier.

0
0
0.000
avatar
(Edited)

Thank you for your work on this and I sure appreciate that it offers a faster and simpler option. I'm not technical, so I don't understand a lot of these things, but my understanding is that browser extensions are not really that secure either. I've always been told it is kind of sketchy to use your password with an extension. Am I wrong there?

0
0
0.000
avatar

This is an important conversation so thank you for bringing it up. As far as I know the security concerns around browser extensions primarily come from fake extensions being listed in the stores that impersonate real ones to steal keys. As long as you are careful to only install and use the legitimate version at the link i shared above there should be no security concern.

I think the fact that Metamask has been widely used for storing Ethereum private keys for a long time now shows that browser extensions can be a secure and user-friendly way to transact on blockchains, and we have built Steem Keychain to work as similarly to Metamask as possible.

0
0
0.000
avatar

With extensions you are placing a large amount of trust in the developer and the codebase. For example, the extension requires permission to:

Read and change all your data on the websites you visit

Hence, a malicious developer could not only steal your Steem credentials but possibly even other types of personal content.

I happen to know @yabapmatt is not malicious. However, there is still the possibility that his account gets hacked and a malicious version of the extension is released to the Chrome store. I'm not sure how common this type of attack is and what sort of screening extensions undergo to prevent this.

So in summary, browser extensions can be secure, as if implemented properly they perform all sensitive tasks client-side, which is good, but also can easily leak sensitive data should they be poorly engineered or created/hijacked by an attacker. Please add to my understanding if it's incomplete.

0
0
0.000
avatar

All good, valid points. There's really no situation where it's completely impossible for keys to ever get stolen. I will say that the extension purposely never stores the owner key or master password for accounts, so if there were to ever be a hack, while that would certainly be bad as active keys and liquid funds could be stolen, it's a much easier situation to recover from since you can just change your keys and not have to go through the account recovery process.

I believe this is still more secure than the system being used now where if any of the sites into which people are putting their keys are hacked, many master passwords will be stolen.

0
0
0.000
avatar

Much more secure indeed in this era of middlemen. I just wish browsers had a much heavier emphasis on security in order to facilitate these tasks with the biggest convenience:security ratio.

Posted using Partiko Android

0
0
0.000
avatar

You have a ability to download the extension to your harddrive and tell Chrome to load it locally. Your copy of the extension would then be updated only when you update the code manually

0
0
0.000
avatar

And how do you download the extension to local HD?

0
0
0.000
avatar

Hi @haejin

The following instructions have been written for a Mac computer, but for a Windows computer, it's very similar:

  • Go to the Steem Keychain GIT repository: https://github.com/MattyIce/steem-keychain
  • Click on the "Clone or Download" green button
  • Select "Download ZIP"
  • Once the ZIP file download successfully, unzip it somewhere on your local HD. For the purpose of this mini-guide, I will assume you have unzipped it under Documents/steem-keychain-master
  • Now, launch Chrome and in the address bar, type chrome://extensions
  • On the top right of the screen, enable the "Developer mode"
  • Now you have three new button showing at the top left, click on "Load unpacked"
  • Browse to Documents
  • click on the folder steem-keychain-master
  • click on the "Select button"
  • You should now see the extension appearing on the screen

To upgrade you will have to download and unzip again and overwrite the files on your local harddrive then go back to chrome://extensions and click the circular arrow icon to reload the extension. Verify its version number to confirm the upgrade.

This is what Chrome extension developers do to test their extensions before uploading it to the Chrome Web Store.

0
0
0.000
avatar

Thanks! Very helpful!
Would an upgrade wipe out prior entered keys?
If one had used steemconnect or entered keys via cop paste in the past, should new keys be generated for the Key Chain; in the event steemconnect or steemit inc. get hacked?

0
0
0.000
avatar
(Edited)

An upgrade should not wipe the entered keys if you don’t remove the extension prior to the upgrade. I have not checked how the extension stores the keys but beware when you clear the browser’s cache as it might also clear the keys depending on the cache clearing options you checked. After checking the extension and testing on another computer, it seems that clearing cache does not clear your keys from the extension, to remove all store keys, you would need to remove the extension itself.

To my knowledge, SteemConnect (from v2) does not store your private keys, it uses you active key to grant posting authority to the dapps that was using SteemConnect. The key is not needed later on when posting or upvoting. The private key is still requested for each transfer or settings request. Utopian got hacked in the past, the hacker could not retrieve the keys because there was nothing to retrieve, they could only use the SteemConnect token to perform the upvotes. If SteemConnect get hacked, just revoke your tokens.

However, if you want to be 100% you have not leaked your keys somehow then yes, go regenerate them. I still recommend you kept your owner key somewhere else safe.

Posted using Partiko iOS

0
0
0.000
avatar

Do you know which option that is, so that I can look out for it if I decide to update or erase cache?

Posted using Partiko Android

0
0
0.000
avatar

I've updated my comment above, but it seems that clearing cache didn't remove the keys but removing the extension from Chrome does.

0
0
0.000
avatar

Thanks for the detailed explanation Q. I'll look into it and follow your instructions. 👍

0
0
0.000
avatar

You are completely right. The safest way is compiling the extension yourself as has been explained elsewhere on this thread.

Posted using Partiko Android

0
0
0.000
avatar

Same worries for me, i wonder if other extensions can see what you are doing if you granted them permissions like "Read all actions, websites, etc.."

Posted using Partiko Android

0
0
0.000
avatar

They definitely can. That's why you have to limit your extension usage and use only trusted and essential ones.

Posted using Partiko Android

0
0
0.000
avatar

The risk exists, indeed, no matter how small. Safest is to make an effort with your own security measures, but this extension sure is more secure than most things we normally use and makes it mal very easy and convenient.

Posted using Partiko Android

0
0
0.000
avatar

What you say is so true! I had been using Steem for many months before realising that I shouldn't be using my master key! And I'm quite tech savvy and pretty careful about internet security!
This is a crucial development not just for Steem but for the cryptocosm in general (see George Gilder's Life After Google)
Steem has an excellent key heirarchy of posting, active and master keys but they weren't being used properly by most users.
Please add a Brave plugin ASAP.

0
0
0.000
avatar

It's the fault of the frontends. They promote this behaviour. The focus needs to be changed and they need to forbid master passwords and require active keys.

Posted using Partiko Android

0
0
0.000
avatar

Wow great job! Keep it up! Do you have plans to develop something like this suitable for mobile devices?

Posted using Partiko Android

0
0
0.000
avatar

Maybe we need some instruction on how to download for the non-technical steemians.

0
0
0.000
avatar

I don't trust Google stuff. Is there a way of using it on Tor browser?

0
0
0.000
avatar
(Edited)

I remember you and aggroed mentioning the wallet months ago on the msp show. Glad to see it has been tested and ready for use! Only downside for me, now I have to use Chrome 😕 .

Thank you (and team) for this awesome feature. The few seconds spent looking for passwords can now be better utilized battling. ;) In all seriousness, you've spent an incredible amount of time developing and in this case, writing out the specs for Steem Keychain.

Having spent countless hours reading and writing simple technical specs myself at work, I can attest that it takes considerable time to write down all the details so others would be able to understand. So thank you for gathering the methodology so it can be coded into this finished product.

0
0
0.000
avatar

Only downside for me, now I have to use Chrome 😕 .

You can also use Chromium, which is completely open source. Chrome contains some proprietary add-ons, but nothing I've found that I actually use.

0
0
0.000
avatar

Issue is more laziness with having to re-bookmark and install ad blocker, etc. :)

I should be moving over to chrome or chromium anyway since my GTM web sessions never want to work on firefox. Steem Keychain is a good reason to take that step. Thanks @dhimmel! I'll take a look at Chromium.

0
0
0.000
avatar

What is gtm?

Posted using Partiko Android

0
0
0.000
avatar

oh, the GoToMeeting online software. We use it for conference calls and screen sharing, but it doesn't want to connect on my firefox when I work from home. It's fine with chrome though, so all the more reasons to switch.

0
0
0.000
avatar

Is it better than Skype and Discord or is it just used because of corporate convention?

0
0
0.000
avatar

The corps I've been with use GTM and WebEx for online meetings. It's convenient for sharing your screen with others, especially for a training or tutorial session.

Discord and Skype is more catered for social media; DM, voice chats, video chat, but I don't think it supports screen sharing. Some companies use skype internally to communicate with each other, but when it's a conference call with third-parties, I mainly see GTM or WebEx being used.

0
0
0.000
avatar

(They both support screen sharing)

Seems like these are apps specifically designed for corporate use and I assume they're easy enough to use for the average user to approach. I imagine that this is tied to dedicated IT services and other corporate support that makes them attractive. I'd have to test them to see if they're better. Skype was particularly heavy. I've seen easier, faster and more effective screen-sharing software. I haven't tried Discord's but I read somewhere that it does have this functionality.

0
0
0.000
avatar

Huh, did not know that about the screen sharing. Never used skype and discord for anything else other than social media.

It is more for corporate use because it does cost to use them. I believe licenses have to be purchase for use. I've only used them at work. Oh, maybe webex a few times back in college for projects, but the privileges were given by the school then too.

Way back in the days when it cost money for long distance calls --the clients I worked with liked having the toll free number to dial-in. I think it's just corporate norm to use one of these now. It's reliable. Clients are not always the most patient bunch.

0
0
0.000
avatar
(Edited)

Exactly! That has been my experience with corporate software, too. I used free versions and all at first until I started being a tiiiny bit late for a few deadlines and not quite being able to do some things.

It would have been alright for me as a normal user but clients don't change their minds. They don't want to install new things or be flexible. They just want things done quickly in what they believe is the best way. So I just had to adapt and use the corporate licensed software and it always worked right for me and I delivered the best for the clients.

(I'm talking about MemoQ and professional translations.)

edit: Though, sometimes, there can be better software. In our case, MemoQ was particularly great, but it was an old-timer. The industry standard was another one, I can't recall its name, but our clients were already accustomed and it was absolutely impossible to change the software we used.

Same goes for messaging. Slack would have been better but we used Skype because ¯\_(ツ)_/¯. When people are accustomed to things, and it gives you money, you just do exactly that and earn your monthly allocation of goodies.

0
0
0.000
avatar

Will this work with the Brave browser? I think that's the one we should all be using eventually

0
0
0.000
avatar

Apparently in the current version of Brave installing Chrome extensions is a bit wonky but this should improve with the upcoming Brave 1.0 release. More info in this Reddit post.

0
0
0.000
avatar

If you use adapters you have to trust the adapter too, not only the original application. If it's independent, sometimes cross platform opens the doors to vulnerabilities. You should be careful and use things in their intended environments unless you understand the technicalities of each change.

Posted using Partiko Android

0
0
0.000
avatar

Why do you think we'll have to use that browser in the future?

Posted using Partiko Android

0
0
0.000
avatar

We won't have to use it but I'd rather use a browser that can reward content producers and pays me for use of my data.

Posted using Partiko Android

0
0
0.000
avatar
(Edited)

Hmmmm. I haven't seen a reason to switch. Is Chromium any better in any respect? It still requires a Google account to sync and things like that, so it's still very dependent on proprietary services.

Posted using Partiko Android

0
0
0.000
avatar

I switched to Chrome a while ago and I really like it. The hardest part wasn't my bookmarks because they synced. It was getting accustomed to things being in different places and behaving in unexpected ways. But now I'm accustomed so everything is fine.

I love that memory in use is better compartmentalised, so if you close a tab, you recover the ram allocated to it. Firefox is much more wasteful with your resources.

Posted using Partiko Android

0
0
0.000
avatar

I used both Chrome and Firefox years ago but can't remember why I stuck with firefox. Thanks for the input. I haven't had a chance to move over yet but it is on my list!

0
0
0.000
avatar

I've always been switching because both are really great! I preferred Firefox a few months ago because it was much lighter than Chrome, but then it started being slower, so I switched to the then-faster Chrome, and now it's the inverse. I don't know. Software is crazy sometimes.

0
0
0.000
avatar

I think that was likely my reasoning too. I remember it was chrome that was faster, then it became mozilla. Now who knows; I don't have the time to surf as I used to before. Definitely crazy softwares!

0
0
0.000
avatar

Hey, guys, it's really cool that you developed this extension. So far I've always stored everything as a custom text field in my password store, but it never worked that way.
However, it would be very cool if you could release it as your own Firefox extension. There is Chrome Store Foxified, but I don't trust it that much.
Thxalot,
JanSe

0
0
0.000
avatar

Aaaaaa I always do the same! I open a Keepass document and the custom description has my posting and active and memo and owner keys.

Posted using Partiko Android

0
0
0.000
avatar

Yabapmatt, for sure 100% fantastic but i have a fear with these extensions. Is there any possibility that another extension can see what you are doing? Some of them are granted "Read all actions, websites, etc.?". As a developper, can you tell us it is 100% safe?

Posted using Partiko Android

0
0
0.000
avatar

This is actually yet another reason why using an extension to store your keys is better than putting them into websites. As far as I know extensions cannot access any data stored by other extensions, but they can access data on websites, as you pointed out. So if you copy/paste your key into a website like steemit.com or Steem Connect, then a malicious extension could steal it, but a malicious extension cannot steal it from the Steem Keychain extension.

0
0
0.000
avatar

I get it, so true! Gratefull thanks for replying. We still have to be carefull off course, another extension could do phishing, mimic same behaviour and one step up in the OS hierarchy, any process can read all our keystrokes but yes, it is better than anyhing we have now and difficult to do better, thumbs up @yabapmatt, thanks, thanks, thanks!

Posted using Partiko Android

0
0
0.000
avatar

Yes, phishing is always the biggest problem, so you must always be very careful about that!

0
0
0.000
avatar

Great addition. Still. I trust my savings wallet more then anything. 😀 goes and hides more stuff there

0
0
0.000
avatar

@yabapmatt, Really appreciated and i agree with your point where you said most of the people are using the Master Key, and in my case I've also used Master Key for six months after joining. So Safety Of Keys are vital because we are Managers of our account for sure. And now great to see that you'll put your efforts and came up with this awesome Extension Tool called Key chain. Wish that everyone will going to find it productive and in the Tutorial it's really proving what it's meant for. Keep up the great work.

Wishing you an great day and stay blessed. 🙂

0
0
0.000
avatar

Great tool man! I have had the same exact feelings about having to enter my key into these other tools. Thanks!

0
0
0.000
avatar

What an amazing extension!
I hope that most of the dapps of the Steemblockchain integrate it.

Steem is really lucky to have people like you on board!

:)

0
0
0.000
avatar

What about Firefox browser?

0
0
0.000
avatar

I mentioned in the new features section that we plan to add support for Firefox in the future. Will try to get that done asap!

0
0
0.000
avatar

Great tool. Hope it will serve its purpose.

0
0
0.000
avatar

Great work and very highly needed Web Application for Steem. Do you think that this also will work for the Brave Browser?
Please make it also compatible for the Brave Browser that would be amazing!!!

0
0
0.000
avatar
(Edited)

Amazing, was waiting for the day when STEEM would have a browser extension wallet similar to ETH...bravo guys!

0
0
0.000
avatar

Appreciate you work. Thanks for your effort!

0
0
0.000
avatar

Wow this is so amazing. Cos I dread to give out active key or master pass. Gonna look into this more.

Posted using Partiko Android

0
0
0.000
avatar

Wow this is so amazing. Cos I dread to give out active key or master pass. Gonna look into this more.

Posted using Partiko Android

0
0
0.000
avatar

Hoping this project to yield good results.

0
0
0.000
avatar
(Edited)

Fantastic!
TIMM wants this.

Are there plans for a desktop app? Work with less invasive browsers?

0
0
0.000
avatar

Finally, someone came up with a solution that is actually a BIG relief! @yabapmatt, You're awesome!

0
0
0.000
avatar

Damn, this is some well needed innovation! Thanx for helping secure things for Steemians!

0
0
0.000
avatar

Great work, and great work gets voted for!

0
0
0.000
avatar
(Edited)

How do you do great work to get votes? Can I do work and say its great in the title and it becomes great?

Posted using Partiko Android

0
0
0.000
avatar

helal sana dostun kesınlıkle muazzam bir çüzümleme

0
0
0.000
avatar

This is great! I'm going to work on making my dApp project compatible with this. Way to go. You have reinforced my confidence in you as a witness.

0
0
0.000
avatar

Have you plans to introduce this extension for other browsers?
Opera Firefox?

0
0
0.000
avatar

That's great.
Next step would be hardware steem keystores I believe.

0
0
0.000
avatar

Well I learned a few things here:

  1. There are apps that connect to STEEM.
  2. There are other sites that connect to STEEM.
  3. There are apps that ask for your private key.

Every day's a school day.

0
0
0.000
avatar

Haha every app is a 3rd party app. Steemit is a 3rd party app. :D
Blockchain isn't easy.

0
0
0.000
avatar

This is a fabulous idea! I hope there are plans for the Opera and Firefox browsers, too!  superhappy15.png

0
0
0.000
avatar

thank you for your hard work in trying to make the experience more convenient and safer for the user 👍 looks great

0
0
0.000
avatar

This could change everything! So glad someone's working on this! I look forward to the progress!
@bitsy :)

0
0
0.000
avatar

Brave browser extension cannot come soon enough

0
0
0.000
avatar

This is a massively useful new tool and shall replace any centralized password manager one might still use to handle Steem keys. Thank you for bringing so much development forward to the Steem blockchain. It is incredible what you guys pull off. Looking forward to your witness update!

I hope that the Brave Browser will include your extension. As it is build on Chrome it should already be entirely compatible and can be hacked into the browser by replacing one of the default extension folders.

0
0
0.000
avatar

wow, really cool. Great job, love it! ;) huge step for steem! :)

0
0
0.000
avatar

Must have extension! Do you have any plan to build the same extension on Firefox? Thank you for your efforts

0
0
0.000
avatar

Very good! The concept is sound and I like the colours :)

0
0
0.000
avatar
(Edited)

Would there be a way to auto populate the plugin data after account registration? This would make it really easy for normies to get plugged into the steem blockchain without even touching a key lol. Just show them a page to print their keys.

0
0
0.000
avatar
(Edited)

Awesome, though this might worry some people about the safety of their usage because they will see that websites and extensions are not isolated but can take from each other without explicit authorisation.

Posted using Partiko Android

0
0
0.000
avatar

Sir, Is it safe to hold Steem in the form of SBD in our steemit accounts

0
0
0.000
avatar

this extension will help users in many way and for you i believe theire will.be no issue with the security . How much i work i know enough that you are 100 percent trusty.the only thing the user should be careful to install the real version and the one you shared here . Thanks

0
0
0.000
avatar

sounds great. I had another method of typing in the private keys, but if it works, this would be perfect.

How long has it been out for?

0
0
0.000
avatar

Well done!
I heard of this extensions few weeks ago but didn’t get to try it out until today.

It works nicely and I’ve already integrated it with @smartvote dApp. It’s currently on our test environment and will be released to https://smartvoteservices.com when ready. It will perform posts, upvotes, delegations and transfers via Steem Keychain when installed and fallback to SteemConnect otherwise. A next step would be to let the user know they can install Steem Keychain for more security.

Thanks for making this Extension for the community

0
0
0.000
avatar

Hi @yabapmatt!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 8.134 which ranks you at #26 across all Steem accounts.
Your rank has not changed in the last three days.

In our last Algorithmic Curation Round, consisting of 329 contributions, your post is ranked at #1. Congratulations!

Evaluation of your UA score:
  • Your follower network is great!
  • The readers appreciate your great work!
  • Great user engagement! You rock!

Feel free to join our @steem-ua Discord server

0
0
0.000
avatar

So, would you recommend generating new passes since steem-connect and steemit Inc. server hold our keys on their servers? Thus generating new passes would allow greater safety since even if steem connect and steemit inc get hacked, it wouldn't matter. Thus making the keychain more effective.

Also, does send work with #privacy send?

0
0
0.000
avatar

Definitely, but where will you post from? Steem and Busy haven't implemented this extension yet. When you find a place to post from and do operations from that accepts the plugin, then reset the passwords.

Posted using Partiko Android

0
0
0.000
avatar

I believe they will be implenting the key integration soon.

0
0
0.000
avatar

It would make sense, but at least Steemit isn't known for quick adjustments. However, since they're open source, I would as well expect for people to propose the changes by themselves. Do you have information regarding the current development status?

0
0
0.000
avatar

I think @yabapmatt has the most details on such updates. If you follow him or @aggroed, his partner; news of new updates should be coming out.

0
0
0.000
avatar
(Edited)

I'm pretty sure that they do not store keys and only give a specific account a authentification to post under your name, even if they get hacked, nothing should happen, if you remove authentificated accounts. Of course, if hacked, it could be used to phish newly entered keys.

0
0
0.000
avatar

Yes, that's what I thought. Thanks for the confirm.

0
0
0.000
avatar

Great, will this work for Chrome on Mac OsX as well?

Why are you not using @utopian-io if it is Open Source? :)

0
0
0.000
avatar

This has been so needed for so long! We need to make this simple for new users, so they can join steemit and have a safe journey!!
Good job, resteemed!!!

0
0
0.000
avatar

I need to learn how to make money on here people i could start posting alot more often???

0
0
0.000
avatar

This would be very useful, I ideally I save my passwords into my browsers such as Safari, I but I can see why this would be thoroughly useful, because it also acts as a wallet.

Posted using Partiko iOS

0
0
0.000
avatar

Just watch my articles new here no need of any likes or comments just see them to make millionaire mind set

0
0
0.000
avatar

My I suggest a feature?
Maybe Steem Keychain or Steem Plus could inject a JS code in Steemit.com condenser and when someone clicks on a steemconnect link, it would parse the link to extract parameters and trigger a call to Steem Keychain instead.

0
0
0.000
avatar

Great tool, resteemed :-)

0
0
0.000
avatar

I resteemed your comment 🐼🐼🐼🐼🐼🐼🐼🐼🐼🐼🐼🐼☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️😜😜😜😜😜😜🚷🚫🚸⛔🛄🛅

Posted using Partiko Android

0
0
0.000
avatar
(Edited)

It's not possible to resteem comments :-)

0
0
0.000
avatar

OMGGGG I thought it was obvious I was making a joke. I wouldn't expect anyone to believe that. Such a big vote wasted in vain :(

Posted using Partiko Android

0
0
0.000
avatar

Flag removed, was a joke :-)

0
0
0.000
avatar

I mean, for real, a 50000 SP flag because you didn't like my bad joke 😓😓😓😓😓😓😓😓😓

Posted using Partiko Android

0
0
0.000
avatar

Thanks for the contribution you make. The information is of great interest.

0
0
0.000
avatar

Great work! This was really needed, very user friendly and nice UI

0
0
0.000
avatar

Thanks for the good instructions. You opened for me "Keychain".

0
0
0.000
avatar

Congratulations @yabapmatt!
Your post was mentioned in the Steemit Hit Parade in the following categories:

  • Comments - Ranked 2 with 131 comments
  • Pending payout - Ranked 2 with $ 516,52
0
0
0.000
avatar

Three cheers to the author for the dedicated effort, this is kind of a savior to the steemians to get more secured on the web.It would be great if there is an option for a widget or a plugin to make it more user-friendly.

0
0
0.000
avatar

It seems like a handy tool. I'll follow you to keep an eye on what is new with Key Chain.

0
0
0.000
avatar

Fantastic! We are lucky to have you!

0
0
0.000
avatar

This is a nice idea and good implementation. It's even asthetically pleasing.

The only thing I worry about with applications like this, is it requires me to trust you (not that I don't). At any time you could release an update and acquire people's keys could you not? You state your issue with that concept with regards to steemconnect etc, and it's a legit gripe. Keeping the keys local, and accessing through the browser is better, but does it really solve the trust issue?

0
0
0.000
avatar

Well if you are concerned about that (which is a legitimate concern) you can always download the extension code from the Github repo and just install it locally rather than getting it from the chrome web store. That is definitely not an option with Steem Connect!

0
0
0.000
avatar

download the extension code from the Github repo and just install it locally

Touche!

0
0
0.000
avatar
(Edited)

SUBMIT Your password must be at least 8 characters long and include a lowercase letter, an uppercase letter, a digit, and a special character.

Seems like password restriction will make people forget their password unless they write it down.

0
0
0.000
avatar

Thisssssssss, I logged in just to agree. I use passphrases and more memorable passwords! I don't need upper case or special characters when I have a 30 character long passphrase.

Posted using Partiko Android

0
0
0.000
avatar

Excellent article, I never thought that there was another way to work with these keys. It is an excellent idea and a great post. Congratulations and many successes.

0
0
0.000
avatar

It's my understanding that SteemConnect is just as trustworthy as your keychain. The point of it being a website is that it's accessible across all devices and operating systems. My understanding of SteemConnect is that they never see your private key. They use your key to create a permission token on your device.

The website simply called the Metamask browser extension to sign and broadcast the transactions for it.

And what happens if the contract is meant to steal your money? We can't really vet any of those transactions that pop up for legitimacy. We just trust that they do what the website told us they would do.

When it really comes down to it one has to trust the code. We expect that if the code is malicious a white hat will whistle-blow on it.


I would really love to be corrected about SteemConnect or why this service provides more security. In the link above I concluded that a browser extension would be a great way to provide the illusion of security...

However, why did you make your own product when you could have just extended SteemConnect into a browser extension? It's all open-source.

0
0
0.000
avatar

My understanding of SteemConnect is that they never see your private key. They use your key to create a permission token on your device.

I would really love to be corrected about SteemConnect or why this service provides more security

It is true that SteemConnect never sees your key as it is currently built, but since you are entering your key into a site served by them, they have access to see your key and could see it if, say, someone hacked their server and modified it to do that, or if a malicious site posed as steem connect in a phishing attempt. With the browser extension websites will never get access to your keys in any way, so even if you visit a malicious site or a legitimate site gets hacked, they will never be able to get your keys.

That's the difference. It's not perfect, and it doesn't mean that you don't still need to be careful with your keys and what transactions you sign. But in my opinion it is a significant improvement over SteemConnect when using a browser that supports it (only Chrome and Brave right now but more to come).

As far as extending SteemConnect to an extension, that's not as simple as you have made it sound. They are very different products built to do very different things. I believe it was the right call to build this extension from scratch to do what we wanted it to do rather than try to modify SC to do something it wasn't built for.

0
0
0.000
avatar
(Edited)

Thanks for explaining it to me! It's nice to see someone literally introduce a solution to the problem at the same time that I brought it up... lol. Nice work!

0
0
0.000
avatar

Thanks for sharing this new topic about Google chrome extension because it's very easy to do many transition by using one browser and also do other work.it also highly secure and easy to use thanks for this sir.

0
0
0.000
avatar

thank you, really good effort. Hopefully the other dapp steem will immediately apply.

0
0
0.000
avatar

I used this on chrome and it works well. Hope we have Firefox and Brave browser versions soon

Posted using Partiko Android

0
0
0.000
avatar

Oh I can't wait to read more about this.. yes this is something I have wondered about myself. Thanks to the community and take you to the developers! 😁

Posted using Partiko Android

0
0
0.000
avatar

와우, 우리와 젊은이들이이 글쓰기와 같은 정교한 발명품을 사용하는 것은 매우 흥미 롭습니다.

0
0
0.000
avatar

Wow, this is very interesting for us and young people to use sophisticated inventions like this writing.

0
0
0.000
avatar

This is great!, any plan on creating one for other explorers like firefox or opera?

0
0
0.000
avatar

To my knowledge, SteemConnect (from v2) does not store your private keys, it uses you active key to grant posting authority to the dapps that was using SteemConnect. The key is not needed later on when posting or upvoting. The private key is still requested for each transfer or settings request. Utopian got hacked in the past, the hacker could not retrieve the keys because there was nothing to retrieve, they could only use the Thank you for your work on this and I sure appreciate that it offers a faster and simpler option. I'm not technical, so I don't understand a lot of these things, but my understanding is that browser extensions are not really that secure either. I've always been told it is kind of sketchy to use your password with an extension. Am I wrong there?

0
0
0.000
avatar

is really nice. it should it make more secure and save from copy + paste fails. It should for most people really usefull.
( btw its nice for steem Monsters :)
Really good work.

0
0
0.000
avatar

This sounds like an absolutely incredible idea. Thank you for sharing it. I know several people who aren't very confident with Steemconnect and other things. And it was a hassle to keep having to post either private key or active key when I wanted to do different things.

0
0
0.000
avatar

Great initiative!

Waiting for a day when you declare that you have revoked your authority to SteemConnect. May this extension be used everywhere!

For Metamask, it's available for multiple browsers ...including Brave. Hope this one too follow that!

0
0
0.000
avatar
(Edited)

Nice work, but i would like to use my password. if i have to remember another obscure one, its a :( for me

Perhaps in future releases?

0
0
0.000
avatar

Nice work. I am ready through the code and try to do a security (specially the cryptography) audit. I already have some suggestions.

0
0
0.000
avatar

Wow @yabapmatt @aggroed @stoodkev @nateaguila

You all are absolutely amazing. This is incredible work you are doing and all for the benefit of the Steemit community. I am absolutely amazed at how hard all of you work to make this platform great. Super stoked to be part of such an incredible community. Keep up the wonderful work!

0
0
0.000
avatar

Now that IS a very handy extension!!! Thanks for that!

0
0
0.000
avatar

Hi, yabapmatt. Here to see a man about a password.

0
0
0.000
avatar
(Edited)

Thank you for writing this @yabamatt. Just received a link to it early this evening.

Is there any possibility you and your team would consider putting the time into making an extension like this for the Brave browser? I personally do my best to stay away from Google and Chrome, as much as possible.

If you are not familiar with the Brave browser, I would encourage you to check it out. It seems a much truer development path to take, when considering what we are all hoping the crypto asset class will become. I place a high value on protecting my privacy and Brave does that very effectively. Plus, it has built in support for the BAT token, which has being doing well of late …

Thanks for your time and consideration!

0
0
0.000
avatar

Nice! I'm in the middle of developing something that would require repid transaction fire and Steemconnect just wont allow it instead of redirecting the operation to another page every time. This is what we need!

0
0
0.000
avatar

Any chance it can be checked to work with Firefox. In this mobile first era that would be a massive step forward since many people, especially in development nations, don't have a desktop anymore.

Posted using Steeve

0
0
0.000
avatar

Looks like a great idea. I just added it to chrome and will be testing it out. I would love it if we could get our keys saved on a device like a hardware wallet like a Trezor (that is what I have) or a Ledger wallet. Hope this might be the next evolution

0
0
0.000
avatar

How different is this from Lastpass or 1Password ?

0
0
0.000
avatar

The code for the extension is all open source

Good to know, that's the only way I could even consider installing this.

It's a good idea by the way, make me think in the potential Steem still has for the future.

0
0
0.000
avatar

A little late to the party, but I really appreciate this tool. Hopefully the other browsers will be supported soon! Relegating folks to Chrome is understandable, but still a bummer.
How about making it a desktop app like Scatter has done? Better yet, get with Nathan James and integrate them somehow?
I've supported @aggroed with my witness since he got started. Thanks for highlighting your work here, as well as @stoodkev. Both of you were just added.
We'd like to use something like this and Scatter for subscription services on @TIMM and @Scripsio. It's easier said than done.

0
0
0.000
avatar

Hey @yabapmatt Question about the Steem Keychain. Might you be making a firefox extension? I am trying to stray away from google entirely and looking for completely alternate browser/search engine options.

0
0
0.000
avatar

There is already a FireFox version: https://steemit.com/utopian-io/@yabapmatt/steem-keychain-update-firefox-version-now-available

You can also use the chrome extension in both Brave and Opera browsers.

0
0
0.000
avatar

Awesome thank you Yaba. I have been unable to get brave to work on my PC. It locks up as soon as I navigate away from my main monitor (I use a dual monitor setup). That is the browser I want, but cant use. I'll go try this out, thanks again. I appreciate your time man!

Posted using Partiko Android

0
0
0.000
avatar

Bit late to the party but coming back to steem dev and noticing how Steemconnect requires already logged in user to yet again enter their keys into an app just to do transfer is mind boggling. Thank you for your great work in this ecosystem and I'll be looking forward to integrating this service!

0
0
0.000