
RE: HiveSigner is INSECURE? - discussion and deep dive

You can pre-add the authority through other interfaces like PeakD and Hive.blog.
I believe everything should support keychain, but even that isn't audited.


Yes, which is probably the most secure way to use HiveSigner!


What would an "audit" or auditor do?

Keep an eye on the GitHub repo?
Look for exploits in the live app?
"PenTest" the company itself?


Generally review the code for security issues and/or exploits. Ideally, regularly, but most are lucky if it is even done once, half-assed.


I agree on auditing, or more eyes on the codebase and on what apps are doing by checking their source code if open. HiveSigner is open source, audited at least by the Ecency team and previous creators, and anyone can still check the codebase. A lot of misinformation will push people into using unsecure or closed-source solutions, which isn't helping.
