Account recovery is a crucial and often overlooked aspect of the Steem blockchain. Today account recovery is not that big of a deal... except of course to the users that absolutely require the service. It's kind of like air; nobody thinks about it until it's gone.
Account recovery is essentially completely taken for granted by mainstream society. This is due to the obvious centralized nature of the corporate world. People just naturally assume that account recovery should be a trivial process. If Facebook and Twitter can do it so easily then why wouldn't this also be the case for crypto?
These fundamental misunderstandings of decentralization aren't going to get better anytime soon. In fact, it's going to get much much worse. The closer we get to mainstream adoption the more frustrated noobies we will encounter. This mindset is already being evidenced by mainstream society.
“Let’s see, places I’d rather be than a Trump rally off the top of my head – the DMV, the dentist, someone else’s child’s clarinet recital, a Soviet gulag, covered with honey and staked on an anthill, sliding down a 50-foot razor blade into a bathtub of gin, and in conversation with someone that knows a lot about Bitcoin go on, go on about blockchain.”
Even funnier, and on a side note, I found this old video looking for that one.
Talking trash on 2013 Bitcoin, saying that buying at $266 a coin was a terrible investment. Hilarious. "Gold for Internet nerds" indeed.
What I'm trying to get at here is that people would sooner make fun of 'nerds' that understand the world around them rather than trying to figure it out for themselves. The vast majority of people in this world aren't going to care how cryptocurrency works, only that it does, and as simply as possible so they only have to learn the bare minimum. This is the way technology always works out.
In any case, back to the topic at hand.
When people realize that Steem and other DPOS chains are the only ones that provide a certain level of account recovery it will be quite the selling point for a lot of folks. The risk of not having account recovery is too much for many to bear.
I can almost guarantee with absolute certainty that when DPOS chains go more mainstream (to pick up the slack of the scaling issues) the demand for simple account recovery will go way up.
As it stands now, in order to recover one's account two keys are required:
- Any master/owner key that was valid within the last 30 days on the stolen account.
- The active key of the recovery account.
Traditionally, the person that had their account stolen has to simply trust that the recovery account will give them their property back and not steal it themselves. For the time being this works out just fine. Most users employ Steemit Inc as their recovery account. We all trust Steemit Inc to not run around stealing their constituents' accounts, yes? After all, this is the same level of trust we grant to centralized agencies with no questions asked.
However, what happens when Steemit Inc can no longer keep up with the processing of onboarding? I myself can create 176 free accounts, all of which would automatically peg me as the recovery account. What would happen if I (or people like me) began scamming new users out of their accounts? Not an ideal situation.
I've also thought about how this scamming would be quite easy to accomplish in certain situations. If I create an account for someone and record their master key, I could steal their account quite easily. I could even go so far as to remind them to change their password, but even then I would still have 30 days to steal their account because of the inherent access to both keys.
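To make the two-key rule and the 30-day window above concrete, here is an added example that models the recovery check in Python. It is my own simplified model of the rule as the post states it, not Steem's actual code or API: the account names, key strings and timestamps are constructed, and the model ignores signatures, weighted authorities and the request/confirmation steps of the real chain. What it shows is exactly the risk window described above: a superseded owner key still authorizes recovery (together with the recovery account's active key) until the window closes, and nothing else does.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Window during which a superseded owner key still counts as valid for
# recovery. The post states 30 days; this constant is the model's assumption.
RECOVERY_WINDOW = timedelta(days=30)


@dataclass
class Account:
    name: str
    recovery_account: str
    owner_key: str
    active_key: str
    # (superseded owner key, moment it was replaced); constructed history
    owner_history: list = field(default_factory=list)

    def change_owner_key(self, new_key: str, when: datetime) -> None:
        """Rotate the owner key; the old key stays on record for the window."""
        self.owner_history.append((self.owner_key, when))
        self.owner_key = new_key


@dataclass
class Chain:
    accounts: dict

    def _recent_owner_keys(self, acct: Account, now: datetime) -> set:
        """Current owner key plus any superseded key still inside the window."""
        recent = {acct.owner_key}
        for key, replaced_at in acct.owner_history:
            if now - replaced_at <= RECOVERY_WINDOW:
                recent.add(key)
        return recent

    def recover(self, name: str, owner_key: str, recovery_active_key: str,
                new_owner_key: str, now: datetime) -> bool:
        """Apply the two-key rule: a recent owner key AND the recovery
        account's active key. On success the owner key is rotated."""
        acct = self.accounts[name]
        recovery = self.accounts[acct.recovery_account]
        if recovery_active_key != recovery.active_key:
            return False
        if owner_key not in self._recent_owner_keys(acct, now):
            return False
        acct.change_owner_key(new_owner_key, now)
        return True


def make_scenario():
    """Constructed setup: bob created alice's account (so bob is her recovery
    account) and therefore saw her initial owner key; alice rotates it on day 1."""
    t0 = datetime(2018, 1, 1)
    chain = Chain(accounts={
        "steem": Account("steem", "steem", "steem-owner", "steem-active"),
        "bob": Account("bob", "steem", "bob-owner", "bob-active"),
        "alice": Account("alice", "bob", "alice-owner-1", "alice-active"),
    })
    chain.accounts["alice"].change_owner_key("alice-owner-2", t0 + timedelta(days=1))
    return chain, t0


def demo() -> dict:
    """Run each case on a fresh chain so the outcomes are independent."""
    outcomes = {}
    # Day 20: the superseded key (replaced on day 1) is still inside the window.
    chain, t0 = make_scenario()
    outcomes["old_key_day_20"] = chain.recover(
        "alice", "alice-owner-1", "bob-active", "alice-owner-3", t0 + timedelta(days=20))
    # Day 40: the superseded key has aged out of the window.
    chain, t0 = make_scenario()
    outcomes["old_key_day_40"] = chain.recover(
        "alice", "alice-owner-1", "bob-active", "alice-owner-3", t0 + timedelta(days=40))
    # The current owner key never ages out.
    chain, t0 = make_scenario()
    outcomes["current_key_day_40"] = chain.recover(
        "alice", "alice-owner-2", "bob-active", "alice-owner-3", t0 + timedelta(days=40))
    # A recent owner key alone is not enough: the wrong recovery account's
    # active key is rejected.
    chain, t0 = make_scenario()
    outcomes["wrong_recovery_key"] = chain.recover(
        "alice", "alice-owner-2", "steem-active", "alice-owner-3", t0 + timedelta(days=5))
    return outcomes


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'recovered' if allowed else 'rejected'}")
```

The `old_key_day_20` case is the exposure the post describes: whoever created the account and kept its first owner key can, with the recovery account's cooperation (or while being the recovery account), still take it over for 30 days after the user changes the password. The `old_key_day_40` case shows that the window, not the password change, is what ends that exposure.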
Getting off this tangent.
In the event of normal account recovery, wouldn't it be nice if the person who lost their account didn't have to trust the recovery account to do the right thing? Trustless recovery is obviously superior. I think this is a possible outcome to achieve in a variety of ways.
The first thing I thought of involves the prerequisites for account recovery. Steem is an open network. Anyone can recover an account. Why then would the standard recovery procedure be the transfer of the master key to the recovery account? This needlessly puts the account to be recovered in further danger.
Instead, the recovery account could just as easily provide their active key, allowing users to recover their own account. This way, no one involved in the recovery process could violate another person's account. The master key was never revealed to the recovery account and the active key can be changed immediately after being used for recovery. Needless to say, the recovery account in this scenario would have zero liquid funds to transfer and very little (if any) Steem Power.
Another way to do it would be to control the recovery account directly. This assumes a lot of things and isn't the best idea, but I'm trying. Users who are able to keep the details of two accounts in completely separate locations would be able to accomplish this. The recovery account would simply be a proxy whose master key details were more secure than those of the main account (but likely also more difficult to access). Again, this 'solution' is a bit sketchy, because what's the point of having a full-on separate account for recovery when you could have just been using that security on the main account?
I suppose in one example you might have your master key encrypted on the cloud for your main account, but for the proxy account you wrote it down on paper and put it in a safe deposit box or buried it in the backyard or something. Obviously the cloud is easier to reach than going to the post office or digging up the backyard. In addition, this gives an added layer of security because the recovery account also has a recovery account (presumably Steemit Inc).
The most likely solution to be adopted by the masses is simply centralized account recovery. In fact, most people wouldn't even consider what we have as account recovery. We are only recovering stolen accounts. Most people simply use recovery as a way to get an account back that they forgot the password to. Meanwhile, if that happens in this space, the account is lost forever.
Therefore, it's pretty obvious to me that no matter how bad of an idea it is, a centralized service that links email accounts to Steem accounts will arise due to high demand. This obviously nerfs the full-fledged security of Steem blockchain encryption down to however secure the email password is.
Many of us in the space today would say that this is a wholly unacceptable solution. However, this is simply how it is. Pretty much everyone I personally told to make a Steem account has already permanently lost their account due to password mismanagement. If you add up the chance to lose an account because an email gets hacked vs. user error, guess who wins? In an age of blossoming mass adoption the answer will be user error every time.
The risks associated with centralizing security are often proportional to the gains of said centralization. As long as only small/new accounts are doing it, it probably doesn't matter much.
The real question we need to be asking ourselves is how to mitigate the damages created by this loss of security. Is there a way to decentralize the servers holding the information? Is there a way to obfuscate which emails are linked to which Steem accounts? Will education of the space advance far enough to get people off this centralized system entirely? The answer to all these questions is likely 'yes', but I guess until then we'll just have to wait and see how it churns out given the sea of speculation we are constantly swimming in.