We have all lived through the steep learning curve of Steem.
This learning curve is not the same for everyone, because Steem is like an onion and truly very few peel it to its core. Some people never want to peel the onion at all, and that's perfectly fine.
At the same time, between the layers of the Steem onion there is a gap, sometimes very significant, and once someone goes to an inner layer, he or she often forgets to stay in contact with the outer layers. And that's most likely a mistake.
Sure, one can think of the most efficient use of time, and communication between the innermost layer and the outermost layer may be wasteful. But a propagation from layer to layer both ways is not. Although sometimes it is better to skip layers to have a direct, first-hand impression of the reality.
I haven't peeled the Steem onion too much myself, but being a technical individual allowed me to peel to a more inner layer than others.
In my materials in the SteemHelp community, for new steemians or those having a basic understanding of Steem, I try to be as explicit as possible, not because it's simple for me to do it, not because I consider anyone stupid, but because through experience I discovered that my meaning of simple can differ significantly from someone else's.
What I discovered through recent conversations is that there is a real gap between how I see or understand things and how people at an outer level of the onion see things.
For example, one of the most misunderstood or misused notions for new steemians - the private keys. At some point they might get used to them. And they might understand the role of the 4 private keys as opposed to a regular password.
Then they see the password to set on SteemConnect or Steem Keychain and think: hey, this is getting back to the old password thing you told me was insecure, and you needed 4 private keys instead. I won't use that because it's risky; if someone gets this password my account will be compromised.
The above was adapted from a real conversation I had a few days ago.
So, the person thought that if a hacker got his SteemConnect password (on his mobile), the hacker would automatically have access to his Steem account. The same logic applies to Steem Keychain, except not on mobile.
It took some time before I actually understood what he really meant, because he formulated the question completely differently at first.
He finally had a satisfactory answer when I told him that the SteemConnect password was an additional security measure (to unlock the verification of the stored accounts, which are kept locally and encrypted with a strong algorithm) and that if the hacker doesn't have his private keys, the SteemConnect password is useless to him.
A long way to go from "hacker knows your SteemConnect password and has complete access to your Steem account", as he initially thought.
Things, even when they appear clear, are not. Because not everyone has peeled the onion to the same layer as you have.
And since Steem is a changing ecosystem, confusions are likely to appear more often than we think.
The onion metaphor is only partially revealing. From a different angle, a pyramid is better suited. With newcomers at the base and those who know the blockchain core at the top, for example. The base will always be much larger. The higher the onboarding, the higher this base. That's why ease-of-use is important...