A finding after missing the password of Steemit (And some thought about it)
steem·@igmaster·
0.000 HBDA finding after missing the password of Steemit (And some thought about it)
Today, I would like to login to Steemit but I forgot the password. WTF. http://img.wonderhowto.com/img/50/81/63545703386404/0/advice-from-real-hacker-protect-yourself-from-being-hacked.1280x600.jpg [Image URL](http://img.wonderhowto.com/img/50/81/63545703386404/0/advice-from-real-hacker-protect-yourself-from-being-hacked.1280x600.jpg) I tried to think where it is but you know. Your computer is like an ocean... https://media.giphy.com/media/8jXU0yFyjGiZi/giphy.gif [Image URL](https://media.giphy.com/media/8jXU0yFyjGiZi/giphy.gif) Here comes the first thing I found: **the password is too long and not created by user**. For most of the login system let user to create their own user password. I am not an expert on cryptography, but from a user perspective, custom password is better for human to remember. (maybe only for vote and posting?) I am feeling frustrated and don't know what to do. https://media.giphy.com/media/p8Uw3hzdAE2dO/giphy.gif [Image URL](https://media.giphy.com/media/p8Uw3hzdAE2dO/giphy.gif) I tried to found something like CS or Support and found [steemit.chat](steemit.chat). https://s24.postimg.org/ruo48um4l/Screen_Shot_2017_01_18_at_5_59_28_PM.png https://s24.postimg.org/7e06zvvg5/Screen_Shot_2017_01_18_at_4_55_41_PM.png As above said, I found there is a [Stolen Accounts Recovery](https://steemit.com/recover_account_step_1). However there is no options for email recovery. https://s30.postimg.org/4s4y1dfoh/Screen_Shot_2017_01_18_at_6_17_20_PM.png **Why not let user get new password via email?** If people are afraid of hacked email and attacker get the new Steemit password successful. Why not create a cool down period before sending the new password? The account can be flagged if someone / you have requested a new password. You can get a email and login message warning to cancel the new password request at anytime. That take's time but at least they can get back their valuable account. https://s24.postimg.org/c1691nit1/Screen_Shot_2017_01_18_at_4_55_56_PM.png Hopefully, I found my password! https://media.giphy.com/media/l46CkATpdyLwLI7vi/giphy.gif [Image URL](https://media.giphy.com/media/l46CkATpdyLwLI7vi/giphy.gif) And yea, as l0k1 said, what if people have $1000 more in the account and missing their password? I think they really need a way out. This may need more discussion to protect the account owner, but this seems important to everyone. Currently, this would be very helpful for everyone: - Do not miss your password! - DO backup your password in any form you can, or you may no longer get it back! - Print it, save it to a usb drive! https://s24.postimg.org/4zcwt74l1/Screen_Shot_2017_01_18_at_5_10_29_PM.png (And remember where you put the password) Thanks for viewing and thanks pfunk and l0k1 being supportive. If you like this post, plz give me a up vote. Thx!