RE: If Something Smells Phishy, It Most Likely Is!
My understanding is that the MASTER key is your all-4-one key. You can post, use it for wallet transactions, and change the account password. The last part is important, master key can be used to change the account password!
And that last one should somehow NOT be included IN the combo key.
The master key should ONLY be able to change the 'key chain' (all the user keys) AND to request a fresh master key Yet it should NOT open all the locks including the master lock.
I hope that this is still making sense as it is hard not to confuse the key names that already are a bit mixed up. :-)
I think the problem starts with Steemit Inc. giving users the master key as the password to use when starting their account. New users don't know that they are supposed to go grab all their passwords (posting, active, memo), and then store away the master key. Most probably are using the master key, and as a result, are giving hackers an all-4-one key to their account.
Good point, yet people would then ask MANY annoying questions right from the start. :-D
I just started using Busy, and I don't really like the fact that they require the user to use the active key to log on. I use busy to write a post, but then switch back to steemit which is safer since I only have to use my posting key. Dapps like busy that require users to log on with their active key doesn't help with the phishing issue because users are "accustomed" to using the active key to use the platform. As a result, when there is a phishing attack, the user is then giving the hacker their active key, which would result in stolen funds.
Ah , that explains why i could not log in with any other key LOL I thought it was due to my keys, but now i get it!
As steemit annoys me with a policy wall and 2 checkboxes that i need to click to get to 'MY' money that kinda pisses me off.
Even my bank would not do such a stupid thing. People should always be able to access their money regardless of policy changes. That they are used from the blog stuff thats probably not such a big issue. So i moved to Busy, as that does not lock me out with a BS policy wall. A website should first respect it's users, then users will eventually respect the policy BS if it is reasonable. This is why i never used facebook, and commited 'collective MySpace Suicide' This was a solution cooked up by people who could no-longer live with the policy changed that MySpace forced on people.
It deleted the 'friends list' and all the personal data before it deleted the account.
If I have some time, I'll try to write a post to help newbies clarify the different keys and how they should be used. I'm not an expert on the matter, but perhaps one or two users would find it helpful.
There are many guides out there already and they all add to the confusion
As the way the keys work is a bit weird. And the naming of the keys adds to the weirdness. It would be best if steemit would do something about that. And make it more intuitive and separate the master key from the 'functionality keys'
But i guess the developers would be a bit reluctant about making changes to the key system. :-D
Don't get me started. I went through the same thing with coinbase. Of course I relented though because they held my money hostage until I confirmed identity. At least you are able to log on to steem with other dapps! That's one good thing.
As for the keys..well, a complicated system require complicated keys! We all know it definitely is not simple on here. Nothing is ever black or white.
@bifilarcoil