When I first came here I did not know all the underlying cryptography and security assumptions. I simply generated a master password in the browser wrote it down to store it securely and then used it in the steemit application. Nothing complained and everything was working fine. I think that this is what most people, especially non-tech users, will do.
But it is not very secure. When your computer is compromised that may cause a lot of trouble and potentially the loss of your funds. Steem actually has a very smart system of different permission keys, where most actions only require your posting key or your active key and your owner key or master passwords should be kept offline. But this is all for nothing if you sign in with your master key everyday!
A user can essentially create a steem paper wallet and only ever use their posting and active key online, giving the account maximum security. This may be to complex for many users, but what everyone can do to immediately improve their security are the following easy steps.
In steemit go to Wallet -> Password
Generate a new password and securely write it down / back it up!
Go to Wallet -> Permissions and write down the new private active and posting keys
[these are obviously my public keys, you need to click on the buttons on the right to find your private keys]
Log into steemit with your private posting key (not your Master password!) and store that in your browser
Store your active key somewhere accessible, you will need it to make transfers.
Store your master password offline and secure.
Using these simple steps should enhance your account security significantly and it does not complicate your everyday life much. There really is no downside of doing it, so best do it NOW!