#Tron-Fan-Club Sharing a few tutorials from me about Steemit passwords is a valuable asset for all of us 10% for @tron-fan-club.

sumber images

I've noticed that there are several posts that explain Steemit passwords well. Through this post, I will briefly explain the usefulness of the passwords that have been given by Steemit, so that all colleagues can understand them better.

Broadly speaking, Steemit provides 5 passwords to its users. The five passwords have their respective uses. Here is a brief explanation of 5 Steemit passwords, each of which steemians have.

Master Key

Master Key is a password that is given when the Steemit registration request is approved. This password is not stored anywhere, so every new user who gets account approval is strongly advised to save this password either by capturing or copying it to other media.

Master Key has multiple functions for any activity on Steemit such as changing passwords, postings, upvotes, comments, wallet transactions, and password recovery. Because. This master key should be stored properly, because when you lose the master key, the recovery function and password changes cannot be performed again, even if the account is logged in.

Posting Key

The second key is the Posting Key. Steemit users can find the Posting Key through the wallet precisely on the permissions tabIf someone logs in using the Posting Key, then the activities that can be done are only limited to making posts, giving comments/replying, upvotes and follows.

Active Key

On the permissions tab you can also find the Posting Key. By using an Active Key, users can carry out wallet activities such as STEEM / SBD asset transfers, trading on the internal market, witness selection, power ups and all functions that can be performed using the Posting Key.

Owner Key

While the function of the owner key is the Master Key in the Public version, meaning that this Owner key cannot be used to login.

Memo Key

And the last one is Memo Key. This key is actually used to send privacy messages, but so far I have not found the use of the Steemit feature that requires using the Memo Key.

Based on the explanation of the Steemit password function above, the safest way to login is to use the Posting Key. Despite the theft of the Posting Key, the Steem / SBD assets are ensured to remain safe because the Posting Key cannot carry out wallet transactions. Users only need to change the password to take over the stolen Posting Key

Until now, there are still many phishing traps scattered on posts and comments on Steemit media. To be able to avoid phishing, a user must have knowledge of how a phishing trap works in stealing passwords. The perpetrators of phishing spread traps through comments and posts. Phishing perpetrators provide a link that, if accessed, will take the user to a new page, then directed to login. When someone logs in either intentionally or not, that's when the account password is recorded and stored by the perpetrator.
If you understand how phishing works, it will be very easy to take anticipatory actions to avoid phishing traps, namely by not logging in carelessly before making sure the page being accessed is phishing or not. No matter how great the tools created to anticipate phishing will be meaningless if the account owner does not have good vigilance and control in logging in.Another thing that really must be considered is when the current development of the Steem application leads to the trend of developing a mobile version of the application. For the use of the Mobile application, it is also highly recommended not to log in carelessly, moreover the application used requires the user to log in by using an Active Key.

Regarding password security issues, so far I still see some behavior of steemian colleagues who store passwords carelessly. I still meet many friends who save Steemit passwords in notepad, email, and screen shoots. Actually, this kind of action is no less dangerous than the threat of phishing.
A password that is stored openly on PCs, Laptops and Smartphones is very vulnerable to theft. Because it is possible if the PC, Laptop and Smartphone used have installed the Keyloger application or the Backdor application without the knowledge of the owner. By using Keyloger or the Backdor application, it will be very easy for someone to record screen activities, transfer files, record keyboard activity remotely and use other devices. Although until now there has not been heard of a crime in this way, but this loophole will be very likely to be exploited for crime.

Maybe some steemians still think that saving passwords in a protected email or notepad will be safe, but maybe friends forget that a device that has a keyloger application or Backdor application installed can take screen shots remotely without the owner of the password knowing.
Just imagine when the password owner is opening an email or notepad to copy the password, suddenly at the same time the activity has been recorded via a screen shot from another device. Then at that time the password was already owned by someone else.
To minimize the potential for this crime, I suggest my friends to use the Password Manager application as a medium for storing and managing passwords. There are many password manager applications that can be used such as KeePass, KeePassDroid, Last Pass and others.

By using Password Manager, usernames and passwords will be stored in an encrypted database file and can be stored in the desired place such as on a flash drive, hdd, cloud and other storage media. Because this database file is encrypted, the saved password will be stored in a hidden state (hide character). When copying passwords, the Password Manager application will not display the saved passwords, but will only display characters in the form of dots, so it is very safe to use.

Some of my steemian colleagues have asked me what is the solution when an account has Master Key theft. And Alhamdulillah, from two of my colleagues who experienced this incident, their accounts can still be recovered even though the assets in the account have disappeared.
The conditions for returning an account that was lost due to the theft of the Master Key are as follows:

• Still save the email and password used to register for a Steemit account._
• Still saves the last used Master Key.
• Application for Recovery Password can be made before 30 days from the date of the incident.
  If the three requirements above are met, then next, please use the Stolen Accounts Recovery feature by entering the last used username and Master Key. Confirmation of password recovery will be made via the email used to register the account within 3x24 Hours.

• Always store and maintain the confidentiality of all Steemit passwords and email passwords used to register for a Steemit account using the Password Manager application.

1. Do not log in carelessly using the Steemit Password.
2. Never login using the Master Key.
3. Always use Posting Key for login needs.
4. If you use an application other than Steemit that requires logging in using an Active Key, before logging in, make sure the application really understands how it works.
5. For using Steemit through a browser, add the Steemed Phish extension to detect Phishing links.
6. For the use of the Mobile version of the Steem application, make sure the application to be used is connected to Steemconncet and uses a valid steemconnect address.
7. As an anticipatory measure to maintain the confidentiality of the password, it is advisable to change the password periodically, for example once a week or every 3 days.
8. Change the password immediately if you feel the password is starting to be insecure.
9. Print all passwords and store them in a safe deposit box or stored along with other important documents.

this is all I can say more and less I apologize, and if there is an error in my words I apologize, sorry or also in an error, and hopefully useful greetings