You are viewing a single comment's thread from:
RE: Top 5 Things you thought were Secure but are Not! [100% SP]
If you are logging in with your posting key then it should be safe. Althought the owner key should be offline generated for maximum security, but by not reusing it for login afterwards massively decreases the risk of hackers stealing it. Read my previous article:
https://steemit.com/steemit/@profitgenerator/warning-your-steemit-password-is-at-risk
Thanks again for advice. Your linked post is very helpful.
No problem, 1 correction though, the master owner private key/password should never be used, only if you want to change it (if it gets compromized). Instead you only need 2:
The active key can move money, but it can't change itself, so if a thief gets their hand on it, he cant lock you out. And seeing that you have your money in SP, you can easily see if somebody has intruded in your account, he probably cant steal a much money before you noticing it.
The owner private key should be kept at maximum security, and should be only used for as backup if you want to change it.
I am not sure but I think you can generate the keys in the Steem wallet software safer than through browser, but I am not sure on this.
But if you change the owner key in browser you have to login at least once with it, to view your other keys, so there is some risk there that an MITM attack can steal it, although that depends on how safe HTTPS is.