Pretty interesting.
So, essentially, if an account is created by a third party application or website, they could possibly have access to the keys?
You are viewing a single comment's thread from:
Pretty interesting.
So, essentially, if an account is created by a third party application or website, they could possibly have access to the keys?
You should ALWAYS change your keys, regardless of how you get them.
We can't stress this enough.
It's possible but we would have to see the code that is being used on the web page. If it is open source and we can review that the keys are generated locally on the users browser then it's unlikely. However if the user receives the keys by other means (like email) then it is possible for the third party to keep a copy of the keys.
The published open source code (if there is any) may not be the actual code that runs the web site. Also, the owners of the site can change the code at any time, and there is no way for us to know what code was used at the time of creation of community321 account.
That's the problem with trusting webapps, and it applies to any web application that asks for keys (steemit.com, steemitwallet.com etc. — they too could have been temporarily compromised at some point in the past).
That is true, only if you inspect the code running on a web app can you have some security but not everyone has the necessary knowledge to do it.
Las dapp de terceros deben enfatizar a los nuevos usuarios el cambio de sus llaves una vez realizado el registros.
Pero quizás esto es inseguro también...