I really looked forward to Keychain being available for Firefox...
I was waiting for months for Keychain to come out for Firefox. It's a bloody pain to copy keys from one place depending on which I needed. Although having the different levels of security does help for keeping your wallet and account secure. Keychain promised to clear that all up.
Except Keychain is like when you're searching for a key and it doesn't turn in the lock so you try another key, and then another, and then you come back to the first one and it turns out that it's just that the key sucks.
Yeah...Keychain sucks. I put off saying anything for a while because I kinda complain too much. But then more and more annoying things kept popping up.
When I first installed Keychain, it was a PITA. It kept asking for my password...which I thought might mean my key...because there was no way it would actually want my password for my Steem, right? Long story short, I'm an idiot and Keychain sucks, because it doesn't check if you haven't set up a password for Keychain yet before asking for a password. They clearly didn't go through all the steps when debugging.
So I go through setting up Keychain. Then I find that they have the same stupid password requirements that every application has these days of upper and lowercase and a number. Problem is this doesn't really make it that much more secure. It just eliminates all passwords that don't meet those requirements and makes the password a lot harder to remember in a lot of cases. That can save a lot of time when someone's doing a dictionary attack. I personally think that they should just recommend things to make passwords more secure, and maybe reject a few ones that are obviously insecure, like simple one word passwords followed by two numbers, or possibly even stuff in standard password dictionaries. Maybe just link them to a YouTube video about making more secure passwords.
But I digress.
Eventually I picked a shitty password that's a pain in the ass to type in, every day, because I'm on Steem every day. I would rather have a long password that's just multiple words in different languages mispelled with numbers replacing sounds and letters...but...I digress. I just dare you to try to break a password that can have mispelled words in as many as 30 languages, and numbers. I suppose I should start incorporating more special characters though... Cuz it's not like 7 words in multiple languages is hard to crack...let alone when they're not spelled right. There are thousands of words in every language. So many options. I should get better writing the letters of different languages though.
I digress again.
I picked a password.
The most concerning part, other than them adopting security practices that make no one more secure, unless you're someone making one word passwords with your birth date, is that they didn't go through the steps of the program during the debugging. They didn't check what happens when you first install it and don't go through their setup first. Hint: it's a nightmare. But, that will come up later.
They also didn't check what would happen when you don't put in your password or import all of your keys.
See, a good program would say "You haven't imported that key yet. Please import it now." and have a keyword import screen or something. Or better yet, click a button to load up a page to input it in, because the fucker closes if you click on anything else. And it's a pain in the ass to get to the window where you put in your keys.
Keychain also works kinda shitty doing various things with various sites.
Like in SteemPeak, when it times out, which is a security feature in the settings, every first thing you do throws an error...despite it actually going through.
It also just doesn't seem to work to claim an account with SteemWorld. Hopefully that will be fixed in the future. But, to be fair, it doesn't work with that other key saver thingie either. The creator's trying to sort it out...hopefully Keychain gets a bit better though.
Bottom line is that Keychain feels like a really crappy program that should still be in beta...or developed by Microsoft. They need to debug it more. Go through every step possible in the program! It's an important step in debugging that every developer needs to do dammit!
Image by FlorinBirjoveanu (source)
Used under the Pixabay License
Edit: I've started to try to get myself into the habit of unlocking the keychain before I upvote or comment to anyone when I haven't been on Steem for a bit, so that it doesn't error out.
Hi, I'll leave most of the answers to the guys behind Keychain. Just want to point out that this issue:
Should be fixed on @steempeak now with the latest keychain version.
I may be insecure but it seems I might keep my sanity for longer :) I was never going to install a plugin to handle keys and bug that it wants to put things in then disconnect or not be able to fill fields or sync as it should. Basically had that with lastpass - Convenience over some shitty posting key concerns I say.
Yeah...I should probably just put my active and password in separate encrypted files or something and get used to opening them to read my password/key when I need it.
mmmm I should probably encrypt my dropbox files then :) I wonder with the dropbox api can encrypt them have a local script I guess maybe js since can easily copy and run in any console, provide what you need , fetch file decrypt locally and copy from there ... rough idea but would be cool or even a basic server with hooks.. Not very security minded as I think hiding in the masses is ok for now for me at least. Heck steemconnect is a bigger concern than me having my active on drive.
also this is cool do you use it? https://veracrypt.codeplex.com/ I have used truecrypt which I could use any image to encrypt and decrypt
If you're on Windows you can make a batch file to encrypt them. If you're on Linux or Mac you can make a shell script or perl or python script to do the same. Or you can get a gui application to do the same. There are also applications that interface with dropbox and other servers and will encrypt the files before sending them off.
Nice think I will add that to my workflow seems simple enough. !tip hide
I'll probably never use any program to 'manage' my keys, and certainly nothing to do with a browser.
I just keep them all on a flash drive, and another one. It's kind of a pain sometimes, like if I don't have the medium. I think it's worth it though.
Maybe one of these days I'll make it a live usb with wallets already installed and an encrypted filesystem. Might need a bigger drive though.
It's important to have a backup...and maybe a flash drive in a safe. Which I actually just got a fireproof safe, so maybe I'll do that. Or a microSD card or something. But I'm not too sure about a key on a flash drive that's actually out in the open, unless it's pretty well encrypted. Flash drives are too commonly lost or stolen.
In regards to the live USB. Big ones are pretty cheap these days. 8 gig ones are almost standard, and that's actually perfectly find in size for a basic operating system setup. You probably want a bit bigger to customize with all your apps and games and regular documents. Though a lot of that can be put online too.
I actually think Keychain doesn't really save me any time. Most of the web apps use a cookie system and work with that other key system, which has already had a major security failure. It probably actually wastes more time.
Congratulations @geekpowered! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
Click here to view your Board
If you no longer want to receive notifications, reply to this comment with the word
STOPTo support your work, I also upvoted your post!
Vote for @Steemitboard as a witness and get one more award and increased upvotes!
No idea if it working ... try again
!tipuvote 0.3
This post is supported by $0.19 @tipU upvote funded by @penderis :)
@tipU voting service always profitable, instant upvotes | For investors.