Peerplays' newer services being developed don't follow best practices in blockchain security

Many of the services under development are using outdated authentication methods. The practice of asking users to input a username and password should not be used in the current blockchain environment. As you may have noticed, services like MetaMask, Scatter, and Steem/Hive Keychain eliminate the need for login by signing transactions from the websites.

The reason this architecture is preferred, and the login/password archetype is a bad practice, is that users should not be entering the passwords they receive from GUI account creation. The password they receive allows an attacker using a phishing website to reconstruct all the derived passwords, including the owner permission. Furthermore, a user entering a username and password for login can easily be attacked by copycat websites looking to steal information and by man-in-the-middle attacks.

Peerplays services should be using plugin client-side signing (Keychain, Scatter, etc.) and peerid services only. Keychains would be the most preferred method, as they allow both password-generated accounts and key-based login accounts to participate in using the services, and peerid should be the fallback.
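
The signing-based login recommended above, sketched as an added example (not Peerplays, Keychain or Scatter code): the site checks a signature over a server-issued nonce and the page origin, so no password is ever typed into a web page. The function names, message layout, secp256k1 curve choice and the `app.example` origins are assumptions made for this illustration.

```javascript
// Added illustration: origin-bound challenge-response login. All names are hypothetical.
const crypto = require('node:crypto');

// Server: issue a single-use, short-lived challenge for an account.
function issueChallenge(server, account) {
  const nonce = crypto.randomBytes(16).toString('hex');
  server.pending.set(nonce, { account, expires: Date.now() + 60_000 });
  return { account, nonce };
}

// Signing extension: sign the challenge together with the origin the browser reports.
function signLogin(privateKey, challenge, origin) {
  const fields = { origin, account: challenge.account, nonce: challenge.nonce };
  const sig = crypto.sign('sha256', Buffer.from(JSON.stringify(fields)), privateKey);
  return { ...fields, signature: sig.toString('base64') };
}

// Server: accept only a fresh nonce, signed for this origin, by the account's registered key.
function verifyLogin(server, reply) {
  const entry = server.pending.get(reply.nonce);
  server.pending.delete(reply.nonce); // single use, even when verification fails
  if (!entry || entry.expires < Date.now() || entry.account !== reply.account) return false;
  if (reply.origin !== server.origin) return false;
  const publicKey = server.accountKeys.get(reply.account);
  if (!publicKey) return false;
  const msg = JSON.stringify({ origin: reply.origin, account: reply.account, nonce: reply.nonce });
  return crypto.verify('sha256', Buffer.from(msg), publicKey, Buffer.from(reply.signature, 'base64'));
}

// Constructed demo data: one account, one legitimate origin, one look-alike origin.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const server = { origin: 'https://app.example', pending: new Map(),
                   accountKeys: new Map([['alice', publicKey]]) };
  const good = signLogin(privateKey, issueChallenge(server, 'alice'), 'https://app.example');
  const ok = verifyLogin(server, good);
  const replay = verifyLogin(server, good); // nonce already consumed
  // Signature made while the user was on a look-alike origin, then forwarded unchanged.
  const relayed = signLogin(privateKey, issueChallenge(server, 'alice'), 'https://app-example.test');
  const phished = verifyLogin(server, relayed);
  // Same situation, but the origin field is rewritten after signing: the signature no longer matches.
  const other = signLogin(privateKey, issueChallenge(server, 'alice'), 'https://app-example.test');
  const tampered = verifyLogin(server, { ...other, origin: server.origin });
  return { ok, replay, phished, tampered };
}
console.log(demo());
```

Only the signature crosses the network; the private key stays in the extension, so a copycat page has nothing reusable to capture.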