We added the option to pay with steemconnect instead of a manual transfer because we believe they are both at relatively the same security level for most Steem users: I believe most users use the steemit.com web to do their transfers, which requires an active key to be entered into the web page. Steemconnect requires the same. Neither service transmits the key beyond the user's browser (i.e. the key never leaves the user's computer), assuming the sites themselves aren't compromised. It's my understanding that steemconnect's management is going to be handed over to steemit, which would put them at pretty much exactly the same security level.
Now it is true that if these web servers were compromised, keys entered after the compromise could be exposed until control of the web servers were re-established by the rightful owners. This is a real potential security hole, but it's not a new one for most users. But for users who hold a lot of Steem, especially if they hold it liquid form, I think a better option is to keep your funds in a command-line wallet and use it for transfers. The risk is not as high for accounts that store most of their Steem as Steem Power, because they can potentially do an account recovery to regain control of the account before the Steem Power can be powered down.
Maintaining and using a command-line wallet is probably more work than most casual steem users want to do, but it's probably the best way to protect a large amount of liquid Steem. It's the way we protect our liquid Steem holdings and I believe many Steem whales do the same thing.
I'm not sure why you mentioned owner keys in this context: owner keys are not required to do a transfer and users should always use their active key rather than owner key for such operations.
I have no problem with letting you have my active key, as I would notice the first power down. New users may not notice anything if not warned what power comes with that key.
My problem is with the new users who have given up the owner key. I have been on the phone most of today telling them to clear their accounts because they can be locked out. An owner key allows the one who has it to change all three keys including the owner key.
I have a Dash master node,which requires 1000 Dash in one account, and Dash has neither asked me for my private keys nor spoken about the risks of doing so.
I agree with you that steemconnect should probably not mention the option of using the owner key as opposed to the active key. I would change the wording now, but it's not our site that hosts that code. But I'll raise the issue with steemconnect guys and see what they say.
Could you add a pop up alert to your site when people choose to use Steemconnect? Something along the line of please remember to use your active key to help keep your account secure?
Could you add a pop up alert to your site when people choose to use Steemconnect? Something along the line of please remember to use your active key to help keep your account secure?
Yeah, it should be clear that Active is sufficient (or password, from which active (and owner) can be derived).
thanks to @blocktrades I am very comfortable doing tranfer with the addition of new features.