Possible Account Recovery Improvements

in palnet •  5 months ago 


Account recovery is a crucial and often overlooked aspect of the Steem blockchain. Today account recovery is not that big of a deal... except of course to the users that absolutely require the service. It's kind of like air; nobody thinks about it until it's gone.

Account recovery is essentially completely taken for granted by mainstream society. This is due to the obvious centralized nature of the corporate world. People just naturally assume that account recovery should be a trivial process. If Facebook and Twitter can do it so easily then why wouldn't this also be the case for crypto?

These fundamental misunderstandings of decentralization aren't going to get better anytime soon. In fact, it's going to get much much worse. The closer we get to mainstream adoption the more frustrated noobies we will encounter. This mindset is already being evidenced by mainstream society.

“Let’s see, places I’d rather be than a Trump rally off the top of my head – the DMV, the dentist, someone else’s child’s clarinet recital, a Soviet gulag, covered with honey and staked on an anthill, sliding down a 50-foot razor blade into a bathtub of gin, and in conversation with someone that knows a lot about Bitcoin go on, go on about blockchain.”


Even funnier, and on a side note, I found this old video looking for that one.

http://www.cc.com/video-clips/b1ekda/the-colbert-report-bitcoin-plunge

Talking trash on 2013 Bitcoin saying that buying at $266 dollars a coin was a terrible investment. Hilarious. "Gold for Internet nerds" indeed.

What I'm trying to get at here is that people would sooner make fun of 'nerds' that understand the world around them rather than trying to figure it out for themselves. The vast majority of people in this world aren't going to care how cryptocurrency works, only that it does, and as simply as possible so they only have to learn the bare minimum. This is the way technology always works out.


In any case, back to the topic at hand.

Account Recovery.

When people realize that Steem and other DPOS chains are the only ones that provide a certain level of account recovery it will be quite the selling point for a lot of folks. The risk of not having account recovery is too much for many to bear.

I can almost guarantee with absolute certainty that when DPOS chains go more mainstream (to pick up the slack of the scaling issues) the demand for simple account recovery will go way up.

The Process

As it stands now, in order to recover one's account two keys are required.

  • Any master/owner key that was valid within the last 30 days on the stolen account.
  • The active key of the recovery account.

Traditionally, the person that had their account stolen has to simply trust that the recovery account will give them their property back and not steal it themselves. For the time being this works out just fine. Most users employ Steemit Inc as their recovery account and that works out just fine. We all trust Steemit Inc to not run around stealing their constituents' accounts, yes? After all, this is the same level of trust we grant to centralized agencies with no questions asked.

However, what happens when Steemit Inc can no longer keep up with the processing of onboarding? I myself can create 176 free accounts, all of which would automatically peg me as the recovery account. What would happen if I (or people like me) began scamming new users out of their accounts? Not an ideal situation.

I've also thought about how this scamming would be quite easy to accomplish in certain situations. If I create an account for someone and record their master key, I could steal their account quite easily. I could even go so far as to remind them to change their password, but even then I would still have 30 days to steal their account because of the inherent access to both keys.

Getting off this tangent.

In the event of normal account recovery, wouldn't it be nice if the person who lost their account didn't have to trust the recovery account to do the right thing? Trustless recovery is obviously superior. I think this is a possible outcome to achieve in a variety of ways.

Example 1

The first thing I thought of involves the prerequisites for account recovery. Steem is an open network. Anyone can recover an account. Why then would the standard recovery procedure be the transference of the master key to the recovery account? This needlessly puts the account to be recovered in further danger.

Instead, the recovery account could just as easily provide their active key, allowing users to recover their own account. This way, no one involved in the recovery process could violate another person's account. The master key was never revealed to the recovery account and the active key can be changed immediately after being used for recovery. Needless to say, the recovery account in this scenario would have zero liquid funds to transfer and very little (if any) Steem Power.

Example 2

Another way to do it would be to control the recovery account directly. This assumes a lot of things and isn't the best idea, but I'm trying. Users who are able to keep the details of two accounts in completely separate locations would be able to accomplish this. The recovery account would simply be a proxy whose master key details were more secure than those of the main account (but likely also more difficult to access). Again, this 'solution' is a bit sketchy, because what's the point of having a full-on separate account for recovery when you could have just been using that security on the main account?

I suppose in one example you might have your master key encrypted on the cloud for your main account, but for the proxy account you wrote it down on paper and put it in a safe deposit box or buried it in the backyard or something. Obviously the cloud is easier to reach than going to the post office or digging up the backyard. In addition, this gives an added layer of security because the recovery account also has a recovery account (presumably Steemit Inc).

Example 3

The most likely solution to be adopted by the masses is simply centralized account recovery. In fact, most people wouldn't even consider what we have as account recovery. We are only recovering stolen accounts. Most people simply use recovery as a way to get an account back that they forgot the password to. Meanwhile, if that happens in this space, the account is lost forever.

Therefore, it's pretty obvious to me that no matter how bad of an idea it is, a centralized service that links email accounts to Steem accounts will arise due to high demand. This obviously nerfs the full-fledged security of Steem blockchain encryption down to however secure the email password is.

Many of us in the space today would say that this is a wholly unacceptable solution. However, this is simply how it is. Pretty much everyone I personally told to make a Steem account has already permanently lost their account due to password mismanagement. If you add up the chance to lose an account because an email gets hacked vs user error, guess who wins? In an age of blossoming mass adoption the answer will be user error every time.


The risks associated with centralizing security are often proportional to the gains of said centralization. As long as only small/new accounts are doing it, it probably doesn't matter much.


The real question we need to be asking ourselves is how to mitigate the damages created by this loss of security. Is there a way to decentralize the servers holding the information? Is there a way to obfuscate which emails are linked to which Steem accounts? Will education of the space excel far enough to get people off this centralized system entirely? The answer to all these questions is likely 'yes', but I guess until then we'll just have to wait and see how it churns out given the sea of speculation we are constantly swimming in.


As it stands now, in order to recover one's account two keys are required.

  • Any master/owner key that was valid within the last 30 days on the stolen account.
  • The active key of the recovery account.

Traditionally, the person that had their account stolen has to simply trust that the recovery account will give them their property back and not steal it themselves.

Just to add, since it's probably not obvious to everybody: The stolen account owner doesn't need to know the active key of the recovery account and the recovery account doesn't need to know either the old or the new keys of the stolen account for the recovery procedure to work. The process consists of two independent blockchain operations, one signed by the recovery account, one by the stolen account owner.

I agree with your point that this is not necessarily the case when for example the stolen account had accidentally exposed their keys to the public, so anybody including the recovery partner can know them.

The idea is that the recovery partner is "trustworthy" and has additional information about the person requesting a stolen account recovery that clearly identifies them as the original owner. This is often not the case when users create accounts for other random users and clearly limits recovery options.

If I create an account for someone and record their master key, I could steal their account quite easily.

True, but I'd expect users who create accounts for others to ask the new users for their pubkeys instead of setting a set of keys known by the creator. There are tools to achieve this in the meantime.

The process consists of two independent blockchain operations, one signed by the recovery account, one by the stolen account owner.

Good to know. I was wondering if I was getting it wrong somehow. So the person who had their account stolen simply posts a new public key to the blockchain (and old private key) and it's up to the recovery account to verify that is a valid request by the correct person? Pretty smart.

Sometimes I write these pointless posts just to lure you smart people in here to tell me how it actually works :D

The process starts with the recovery account submitting a request_account_recovery op that contains a new public owner key of the 'hacked' account. The recovery account should do this only after verifying that the new keys come from the legit owner. Then the 'to-be-recovered' account sends a recover_account op that is signed both with the old key and the new key contained in the request_account_recovery op.

How can the process begin with the recovery account? Doesn't the account-to-be-recovered need to make a claim first? Does this happen off-chain?


Yes, this is supposed to happen off-chain first. The account-to-be-recovered provides its new key to the recovery account off-chain, the recovery account verifies the identity of the person behind the account-to-be-recovered and begins the process.
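The two-operation flow described in the comments above (request_account_recovery signed by the recovery account's active key, then recover_account signed by both the new owner key and an owner key that was valid within the last 30 days), written out as an added simulation. This is not Steem code and not the commenter's: the chain state, the account names "alice", "steem" and "bob", the day counter and the operation serialisation are all constructed for the example, and hash-based Lamport one-time signatures stand in for Steem's secp256k1 keys so it runs with the standard library only. What it shows is the property the comment makes: the recovery partner only ever handles public keys, and the 30-day window is enforced on the chain side.

```python
"""Added simulation of Steem's two-step account recovery flow (example code, not Steem's)."""
import hashlib
import secrets
from dataclasses import dataclass, field

OWNER_RECOVERY_WINDOW_DAYS = 30  # "valid within the last 30 days" rule from the post


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class LamportKey:
    """Hash-based one-time signature key (stand-in for secp256k1, assumption of this
    example). Only .pub ever leaves the object; the secret half never goes on chain."""

    def __init__(self):
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        self.pub = tuple((H(a), H(b)) for a, b in self._sk)

    def sign(self, msg: bytes) -> tuple:
        bits = int.from_bytes(H(msg), "big")
        return tuple(self._sk[i][(bits >> (255 - i)) & 1] for i in range(256))


def verify(pub: tuple, msg: bytes, sig: tuple) -> bool:
    bits = int.from_bytes(H(msg), "big")
    return len(sig) == 256 and all(H(sig[i]) == pub[i][(bits >> (255 - i)) & 1] for i in range(256))


def pub_id(pub: tuple) -> bytes:
    """Short identifier of a public key, used when serialising an operation for signing."""
    return H(b"".join(a + b for a, b in pub))


@dataclass
class Account:
    name: str
    owner_pub: tuple
    active_pub: tuple
    recovery_account: str
    owner_history: list = field(default_factory=list)  # (replaced owner pub, day replaced)


@dataclass
class Chain:
    accounts: dict
    day: int = 0
    pending: dict = field(default_factory=dict)  # account -> requested new owner pub

    def change_owner(self, name: str, new_owner_pub: tuple) -> None:
        acct = self.accounts[name]
        acct.owner_history.append((acct.owner_pub, self.day))  # old key stays usable 30 days
        acct.owner_pub = new_owner_pub

    def request_account_recovery(self, recovery_account, account_to_recover, new_owner_pub, sig):
        """Step 1: recovery partner vouches for the new owner key with its ACTIVE key."""
        partner, target = self.accounts[recovery_account], self.accounts[account_to_recover]
        if target.recovery_account != recovery_account:
            raise PermissionError("not the designated recovery account")
        msg = b"request|" + account_to_recover.encode() + pub_id(new_owner_pub)
        if not verify(partner.active_pub, msg, sig):
            raise PermissionError("bad recovery-account active signature")
        self.pending[account_to_recover] = new_owner_pub

    def recover_account(self, name, new_owner_pub, recent_owner_pub, sig_new, sig_recent):
        """Step 2: owner proves control of the NEW key and a RECENT (<= 30 day) owner key."""
        target = self.accounts[name]
        if self.pending.get(name) != new_owner_pub:
            raise PermissionError("no matching recovery request")
        recent = [target.owner_pub] + [p for p, t in target.owner_history
                                       if self.day - t <= OWNER_RECOVERY_WINDOW_DAYS]
        if recent_owner_pub not in recent:
            raise PermissionError("recent owner key outside the 30-day window")
        msg = b"recover|" + name.encode() + pub_id(new_owner_pub)
        if not (verify(new_owner_pub, msg, sig_new) and verify(recent_owner_pub, msg, sig_recent)):
            raise PermissionError("missing owner signature")
        del self.pending[name]
        self.change_owner(name, new_owner_pub)


def run_scenario(days_until_recovery: int) -> str:
    """Constructed scenario: alice's owner key is rotated by someone else on day 10; her
    recovery partner 'steem' starts recovery `days_until_recovery` days later."""
    alice_owner, partner_active = LamportKey(), LamportKey()
    chain = Chain({"alice": Account("alice", alice_owner.pub, LamportKey().pub, "steem"),
                   "steem": Account("steem", LamportKey().pub, partner_active.pub, "steem")})
    chain.day = 10
    chain.change_owner("alice", LamportKey().pub)   # the theft: owner key replaced
    chain.day = 10 + days_until_recovery
    new_owner = LamportKey()                         # generated by alice; only .pub is shared
    try:
        req = b"request|alice" + pub_id(new_owner.pub)
        chain.request_account_recovery("steem", "alice", new_owner.pub, partner_active.sign(req))
        rec = b"recover|alice" + pub_id(new_owner.pub)
        chain.recover_account("alice", new_owner.pub, alice_owner.pub,
                              new_owner.sign(rec), alice_owner.sign(rec))
    except PermissionError as exc:
        return str(exc)
    return "recovered" if chain.accounts["alice"].owner_pub == new_owner.pub else "failed"


def unrelated_account_cannot_request() -> str:
    """An account that is not alice's designated recovery partner cannot even start step 1."""
    bob_active = LamportKey()
    chain = Chain({"alice": Account("alice", LamportKey().pub, LamportKey().pub, "steem"),
                   "bob": Account("bob", LamportKey().pub, bob_active.pub, "bob")})
    new_owner = LamportKey()
    try:
        req = b"request|alice" + pub_id(new_owner.pub)
        chain.request_account_recovery("bob", "alice", new_owner.pub, bob_active.sign(req))
    except PermissionError as exc:
        return str(exc)
    return "accepted"


if __name__ == "__main__":
    print(run_scenario(10), "|", run_scenario(40), "|", unrelated_account_cannot_request())
```

The 30-day window is what makes the "old key" step work at all: the key the thief replaced is kept in owner_history, so the real owner can still sign with it, but only for a bounded period, which is why a recovery started late fails with the window error. The recovery partner's only input is a public key it received off-chain, which is the comment's point that it never needs the old or new private keys.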

Yeah, I've said multiple times that for us to really take off we'll have to have a service that dumbs it down and lets people recover their accounts and makes it easy.
Like a Facebook.
Steem supports having a password split though, so maybe you could somehow have it set where friends of yours keep a recovery password among them, so you can reset your password by contacting them and proving you are who you say you are.

If these people aren't capable of properly storing an important thing such as a master key then they probably shouldn't be trusted on the internet, least of all on the chain.

What moron was mocking "internet nerds" in the year 2013? Someone who had been in a coma since 1993?

God I know right?

Look at the Nerd!
He's trying!

Interesting topic and one there aren't readily available answers for. I think having account recovery significantly trumps not having one, especially in regards to trying to on-board the masses. The pros simply outweigh the cons and it's really just a numbers game, at least for now.

Honestly account recovery here is quite genius, and it only works because of proof-of-stake.
Being able to lock coins that can't be stolen is key.
The ability to enable account recovery without the recovery account having access is especially key.