Very informative post, @conradt. Thanks for helping to spread the word.
I did noticed you confused the master password with the private active key.

Your master password is the one you got when you first signed up for SteemIt and logged into your account. That master password should be stored in a safe place, preferrably offline. You only need it when you want yo change your password and keys, which won’t happen very often.

For transactions, you need your private active key, which can be found in your wallet under the ‘permissions’ tab. This is the one you need to send money or a delegation to someone.

I like your analogy with fishing. It is indeed probably where the term phishing comes from - or so I think. Anyway, I liked the way you used it to explain.

Again, thanks for spreading the word. The more people know how to protect their account, the les ms people will fall victim. I really appreciate your help.