You shall not (leak your) pass!

in steem •  last year

Another account was (almost) hacked and three accounts were vulnerable for weeks. 167 valid private keys are still publicly available.
Why?
Because people are putting weird things into memo fields.

Well... "weird things" are not a problem, but when you put there your private active or owner key (or other types of sensitive information), you might end up regretting this until the end of the blockchain.
That means: FOREVER.

passwords

Have you entered your key in a wrong place?
Be sure to remember that this is when you lose control over your account.

A few seconds later, a malicious user will take your key and replace it with his own.

If that was your owner key or master password, all you can do is start the account recovery process, which can take days or weeks, but ** it has to be completed within 30 days** or your account is lost forever.
It might or might not work and you might or might not be eligible to use it.
After all, you have just lost your account, so don’t expect miracles.

It that was your active key, you can still use your owner key or master password to quickly change the leaked key but...

The clock is ticking

  • Within the next three seconds, you will lose all your STEEM and SBD that were not frozen in savings accounts. (Are you that fast?)
  • Three days after your failure, you will lose all the funds you have in your savings accounts too, if you haven’t been able to regain access to your account yet (How about not losing it in the first place?)
  • Also, Power Down was initiated right away, so week after your failure and every week from now on you will lose 1/13 of your Steem Power until your account becomes an empty shell. (Oh, my mistake, it's not "your account" anymore.)

Scary, isn't it?

Such thing happened almost happened to one of the users: @photo-trail
(not to mention three others - more details later on)

Fortunately, while monitoring the blockchain I was alerted in time and I've changed that key myself.
(special thanks to @almost-digital for the useful tools he provided)

I sent a message to the user:

"You have leaked your active private key to the public putting your account at risk. Your key was changed to prevent stealing your funds. Please change your active key using your owner key or master password. Be safe."

What was at stake in that particular account?
$30 worth of liquid assets (almost all in SBD)
and almost 2800 Steem Power
Estimated Account Value: $4,355.64

Extraordinary? No. Not at all.
Not long ago, @noisy & @lukmarcus gained access to 11 accounts with $21,749 on them
Their post call the attention of users to the issue, earned thousands of dollars, received thousands of upvotes, hundreds of comments and tens of thousands views. Their story was even featured on a popular Polish site - Niebezpiecznik

So what? Nothing. It just happened again.

Even though it was much less likely, because many nodes are now checking memos after #1181 was implemented.

"Transfers with the sender's private key information will be rejected with a soft fork. The error message recommends the sender change their keys in such an event. The CLI wallet does a similar check against the sender's keys and the keys in the wallet."

So what about other keys that are available publicly and still valid?
I made a quick scan that revealed another 170 keys.
167 memo private keys. There's no imminent or direct risk, at least not now, but if someone used their memo key in a wrong way, there's a good chance that they are putting their assets at risk by improperly handling their secrets.
Unfortunately, there were also two active keys and one master password.
@amrsaeed - the key was leaked 56 days ago during a transfer to poloniex, @noisy has already included this case in his post, 34 days ago this user was warned by @lukmarcus about the leak
@gary911 - the key was leaked 41 days ago during a transfer to poloniex, 34 days ago the user was warned by @lukmarcus about the leak
@savagem13 - the master password was leaked 26 days ago during a transfer to bittrex, 5 days ago someone used their password to change account properties to:

"{"profile":{"name":"Savage Money","about":"This Account Has Been Hacked! Please Change Your Password. Your Money is Safe"}}"

(which is not true, because after you have leaked your password/key, your money is not safe)

Surprisingly, none of those keys were changed yet (until today, of course, by me), but that doesn't guarantee that the keys were not under control of any malicious third parties or that the actions made after those leaks and before the keys were changed were made by their original owners. Maybe the malicious users were just waiting for a bigger amount of liquid assets to be available on those accounts. You never know.

Estimated Total "Secured" Assets: $12,000

Another case, another lesson.
This time, again, everything ended (relatively) well.
Who was paying attention?
Are we safer now?
Are you?

No.

It will happen again, one way or another.
Please make sure that it will not happen to you.

TL;DR:

You will lose your funds if you disclose your private key.

(Try to guess: Why is it called PRIVATE?)

Do not learn from your own mistakes, learn from the mistakes of other users.

"Keep it secret, keep it safe"



If you believe I can be of value to steem, please vote for me (gtg) as a witness on Steemit's Witnesses List or set (gtg) as a proxy that will vote for witnesses for you.
Your vote does matter!
You can contact me directly on steemit.chat, as Gandalf



Steem On
Be Safe

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  
·

Thanks for custom stuff staff ;-)

·
·

Hi @gtg I've written an article about you, check it out if you can, thanks.

21 Best Steemians Of The Day To Follow 6th August 2017

https://steemit.com/steemit/@jzeek/21-best-steemians-of-the-day-to-follow-6th-august-2017

·
·
·

Thank you :-)

·

Exactly on point sir.

(TheGreat)

·

Was thinking the same :P Thanks for putting some real world examples out @gtg Steemit hackers be like "aint no rest for the wicked, money don't grow in steem" ohh wait...

·

Hi sorry for interruption, why i cannot vote witness? Your name are not available. Thanks!

Why what means witness?

·

This post received a 3.8% upvote from @randowhale thanks to @vysmek! For more information, click here!

Better be safe than sorry.
Very useful post for the Steemit and the entire Crypto community!!!

Thank you dude!

This is a good story. I even go through some of the comments. I wish stories like that spread all over steemit to educate and keep on reminding all steemians how to protect their keys.

It is imperative to continue acquire knowledge on how to saveguard your valuable assets.
Constant reminders are needed to keep new and old steemians aware of this beautiful way of keeping the account safe.
I am still learning about steemit. I definitely still trying to understand the multiple need for our account.
Point I want to make. Keep learning.
I wish to see more posts about what keys to use and it could be multiple posts.
It is important.
Thanks guys

·

Well it's quite unclear.... I don't understand why anyones surprised. Why do you need a memo key? Why are you told to keep your private keys safe but not told explicitly what keys you definitely want to immediately note down and never show anyone ever again unless you have to,

OH and it would really solve so many problems if there was a 2 factor authorisation. How hard can it be if so many others have it? I think someone needs to remind the devs that it's meant to be a platform for people that are used to facebook and reddit not nerdy crypto complexities that they have to pay attention to.

The thing is that steemit is how some people are being introduced in the cryptocurrency and I don't think many people know what to do regarding transferring things to exchanges and what the memo field is for.

Private keys is what we should all hold close to us and not let anyone know. It is great that everything on the steemit blockchain is known and nothing is hidden. A great transparent system but it also leads to some easy theft of keys from people who don't know what they are doing.

Hopefully this will cause some people to be more cautious and maybe you will be able to help some people save some money @gtg

Thank you for spreading the word! :)

This is kind of the thing that might as well prevent Steemit from being truly mainstream as a social media platform. Even though it tries to be safe, it's a lot easier to make a crucial mistake here than on instagram or facebook. A short look on the tag that we both use fairly frequently, #polish, is a good reminder that a big chunk of steemit userbase has literally no clue about how it works and how to protect oneself and they don't mind, they just want to blog a bit.

Nonetheless, great work, glad your username isn't saruman as things would get dark quickly.

·

I think, that we as a community <specially polish part, where english can be a barrier> should do everything to keep steemit as a blockchaing safe, but what's in my opinion equally important to make it as accessible and simple for user as possible.
I know, how confused new, non-technical user can be on the beginning of his journey - it was quite hard to understand for me, programmer so what can total crypto-newbie say? We should be for him someone who can follow and learn from... Someone like who Gandalf was for Frodo :) - although it was Frodo's own journey, Gandalf helped him to take the first, most important step.

Flip this made me scared enough to check more than I already am, I am always too scared to push the OK button before I am 100% sure everything is in order. Thanks for the great post, very informative :) I am learning a lot on Steemit!

This is a great reminder. I think people get so used to copy/pasting they don't realize they might have pasted their password to the public. Be safe and diversify!

·

This comment has received a 6.67 % upvote from @lovejuice thanks to: @theabsolute. They have officially sprayed their dank amps all over your post rewards. GOOD TIMES! Vote for Aggroed!

Hello Friend ! You have an interesting blog, I will follow him and tell my friends! Good luck in your development 👍 I hope you will answer my message and do not miss it) a good day

·

Good luck friend !

·

Thank you :-)

Hi! I am new here and I do not know very well how this works... I have started to follow you and given you a vote too because I think you are very interesting. I hope I have done it rightly and I hope you can understand me because my English is not perfect. Thanks.

It is so easy to make a mistake. Make some simple rules for yourself when handling transactions:

  1. Make sure you are awake
  2. Make sure you are not distracted
  3. If you are uncertain what you are doing, don't. Or do a test if it's working beforehand.

Resteemed

just voted for you as a witness,based on a good referral

·

Thank you :-)

Hi @gtg, just to let you know, I am following you and voted you as my WITNESS. I am quite new here and I would also appreciate if you could comment on what you think of my last post :)

·

Thank you :-)

Honestly, I hope that this post will hit as many vulnerable people and their accounts as possible- maybe it'll give them courage to replace their credentials with secure versions.
You can also add to the story other common mistakes:

  • not remembering passwords and depending on browser's auto-fill,
  • legendary 'one note for all passwords',
  • and the most dangerous - one password for all services. I think losing main e-mail account, bank account, social media and every other at the same time is more scary, then losing only blockchain wallet.

Upvoted and resteemed, it's a hard lesson to learn, and a lot harder for those not used to the crypto asset world and how blockchains function. With Steem attracting so many non technical users, it's important to educate as much as possible about how this technology actually works behind the scene.

Terrific article, and a special feeling towards this post after watching that scene from LoTR; what a classic it is.

Regards,
Ashton Kutcher

·

Indeed.
Please note that if you are claiming to be "the guy" (Ashton Kutcher) you need to verify your identity, otherwise it would be treated as an identity theft.

Woooooo

hi, I voted you as my witness, just wanted to let you know

·

Thank you :-)

@gtg thank you for the firm reminder.

I almost put a private key instead of my post URL where the public memo is for transferring SBD to randowhale but fortunately the system warned me so I stopped in time... Thank God for the warning!

Curious... Is it good practice to change our keys periodically? Do you? And if so, how often?

·

Depends on how they are used and where they are used.
It is good to not use your master password or owner password at all, having them securely stored somewhere offline.
Use active key only when it is explicitly needed making sure that you are on a trusted site. For most users it means steemit and steemit only.
Your key would not be guessed during your lifetime unless quantum computing become a reality. So the only risk is in their usage. If you used public place (internet cafe or shared PC) then change your key. Being unsure is also quite good reason to change it but you have to make sure that you would not lose your new keys.
Nobody can help with password recovery if you lose it.

·
·

Wow. Great info here. Thank you. Resteemed.

·
·

@gtg I put a question in Steemchat for you under @gandalf.

·
·
·

All is good. I updated you in chat. Thanks a bunch for this post.

·
·
·
·

Sorry for a lack of quick reply, it usually take me some time before I'm able to respond.

·
·
·
·
·

🤣 that's no problem! I changed my keys. Curious, am I correct in saying that in Bittrex, their memo field is for a memo now, not for a private memo key? Yikes!

·
·
·
·
·
·

Yes, memo field is for tagging your transaction to help you memorize details on what it was made for, etc.
That's when you are sending your transaction from bittrex, poloniex, blocktrades, etc.
You might notice that when you are sending to such exchanges they require you to put some special id there (never your key / secret). It's for the same reason, so they would know what they should do with such incoming transaction (match it to your account / request on that service)

Thank you very much for this important reminder. I hope I have not opened that door by mistake.

·

Fortunately, you are not among those who leaked their keys through memo field.

·
·

Thank you for sharing that. I try to be careful but one never knows. Upvoted and followed.

Very important information. Also, I stored my keys everywhere as when you lose them there is also no way of going back !! So save save save in sensible places to have at hand (except across your forehead and , in memo , of course!) :D

Losing one's steemit account is a scary thought and also very real, thanks for the reminder about the security of one's private keys.

Thanks you for this. I don't know much about cryptocurrency. Please help post more articles on this subject matter

our world will never peace if they is a scammer and bad hacker why not they steal from bank more money and they steal from us small amount dammit very hard to solve this problem i think block chain need to find out solution to counter this problem

·

Stealing is always stealing. If you add relativity to this, you risk being in a wrong set of entities, because from thief's subjective point of view you might be the one, bigger, that it is ok to steal from.

·
·

i know they never care about that as long they got something sometimes this world unfair for us as a victim for me they are the worse human being because steal from other and make our life miserable​ as i experience​ already happen to me

Thanks for the reminder... serious stuff !!

Thank you... I will do my verry best to secure my password, and ceep my self safe!

I have shared my private posting key with the Steemvoter, that is safe right?

·

That is a good question.

As long as you trust Steemvoter. That means not only trusting that authors of such site are not malicious, but also that their code and deployment procedures are secure enough so it won't be abused by bad actors.

Private posting key has no access to funds on your account, so in worst case, malicious user who steal it would be able to make/edit posts and comments, reblog and upvote on your behalf, possibly affecting your reputation both as number as the real one.
You can change your posting key at any time using your active key.

·
·

ok, that was a good explanation.
I think I trust them, because I see many people using steemvoter.
Thank you so much!

Beberapa detik kemudian, pengguna jahat akan mengambil kunci Anda dan menggantinya dengan miliknya sendiri.
Jika itu adalah kunci pemilik atau kata kunci utama Anda, yang dapat Anda lakukan hanyalah memulai proses pemulihan akun, yang bisa memakan waktu berhari-hari atau berminggu-minggu, namun itu harus selesai dalam 30 hari atau akun Anda hilang selamanya.

Mungkin atau mungkin tidak bekerja dan Anda mungkin atau mungkin tidak memenuhi syarat untuk menggunakannya.

Lagi pula, Anda baru saja kehilangan akun Anda, jadi jangan mengharapkan keajaiban.
Itu adalah kunci aktif Anda, Anda masih bisa menggunakan kunci pemilik atau kata kunci utama Anda untuk segera mengubah kunci bocor itu

I fear a lot of the people I am getting to join will not heed my warnings about security and will run into these issues. A lot of people new to blockchain are jumping into steemit and don't know about how important account security is. These will be non-issues in 20 years but right now we're the pioneers of digital security

Thank you @gtg for the great reminder to be safe and also for the tale of helpfulness to others
LMAN.GIF

That's dam frightening to read . TY for bringing this to readers attentions .

Heureux de voir que Gandalf the Gray a un chapeau blanc! :).

Très bon article qui est très bien fait de votre part Merci.

Est ce que vous pouvez faire un tour sur mon blog @zeryius s'il vous plaît merci.

well said.better to learn from others mistake

Please Follow me & Vote me
@faheemahmad
Thanks
@gtg

I must go and look The Lord of the Ring now .....

And good info.. Thank you!!

wow, @gtg , you are so right thanks a lot for posting this. I never know that posting such info on memo can be disastrous , Upped. Steemit is great because of guys like you and your team furnishing us with pragmatic advise. Following you in order to stay in touuch.

I mentioned you on my latest blog post :Why Steem debit card will be great for all , pls see it and join the debate

White-Ip list would be a wonder on Steem, needed before buying/selling anything on Steem.. My 5c ;)

·

Implementing discrimination based on origin is impossible on Steem. Even if that's IP based ;-) Perks of distributed / decentralized platform.

It is good to not use your master password or owner password at all, having them securely stored somewhere offline.

People are so careless about their private keys. Just get it tattooed on your arm so you won't lose it lol

can you check mine too. I saw you did that for someone down further in comments, I think I haven't made any mistakes

(apart from posting it by mistake in task changing in a PM to friend who told me he didn't take it, and I wiped it from the message in few milliseconds but did it expose me to other dangers apart from my friend?)

do you think?
I suppose I should just change it and stop thinking about it. It was the active key, as I was voting a witness in the other tab.

I know stupid newbie error

thanks for your efforts

big hugs

·

"I suppose I should just change it and stop thinking about it."

Exactly.
Just please be sure that you save it securely to not lose it.

Mantap....... Saya suka

Thanks for this important information.

i've done but now how can i recover that mistake??

·

Just change your keys (or master password).

·

Not related at all.

Saved for later. This info is GOLD! Thanks for reminding me and others and informing the one's who just didn't know. Good stuff. Much appreciated!

Main question....

What IS the purpose of the memo key anyway?
What sort of use is it to a thief?

PS: why does it say an account has not changed hands recently if you try and recovery your account (just to test what happens)

·

Memo key is not currently used for anything (might be used for signing your messages, etc).
So currently thief can't do much with it (maybe except some weird social engineering scenarios)

As for account recovery process you can do that for a scenario when your key would be stolen and changed. Then having your previous key you can request account recovery process to be initiated.

Excellent advice to keep accounts safe! Thanks for helping our fellow Steemians.

Thanks for putting this info out here Gandalf! If only noobs heed useful advice we'd never have to worry about hacks!

How can I know that my account is been exposed to security breach?

·

What do you mean exactly? This is very broad subject to discuss.

·
·

You wrote that you discovered some account are exposed, so I ask, how would I know my account is not secure? Just scared!

·
·
·

If you are asking about this particular case, then don't worry, you didn't exposed your private keys to the public. I've just checked your wallet, you've made few transfers to blocktrades and each time you've used memo key just as you should.

·
·
·
·

Thanks @gtg

Steem On
Be Safe

Good slogan for situacion :)

Thanks for making us aware of the seriousness of hackers on steemit

Thanks for looking out for people. To have access and choose to safeguard peoples money is extremely commendable.

Great info. Thanks for the background info on these "hackings".

I guess putting your key in a public memo is not the best security practice, eh? =/

Very good post, resteemed to ensure my follower also see it :)

Your advice are really important. People often forget about safety and Steemit funds have great value, especially for the future.

But this key in the memo thing, was it part of a bug? or just people who didn't double check what they write where?

·

Not a bug. It was a human error each time.

·
·

But I saw on the original post, a fix was proposed, what do they mean by that?

·
·
·

Both cli_wallet and nodes are going to reject transactions that contains private key material in their memo field
I'm not a big fan of solving it at nodes, because it is already too late. Best solution is to keep an eye on users' memo field (it has to be implemented in 3rd party every application that allows transfers) and refuse to put there any key material.
So it's not a fix that gets rid of some software bug. It is a change that would try to stop users that are willing to hurt themselves.

·
·
·
·

Oh yeah okay like that. It's pretty good that they try to prevent people from hurting them selves.

But why can't they just have an automated system that detect when an key is written in the memo, and the system would give a pop up message like: 'be careful, you're master key is written in the memo field" or something.

Or is this already what they are doing?

·
·
·
·
·

That's pretty much like this currently, but of course pop up message is application based while we need to take care about whole platform (i.e. variety of applications) so it's on nodes. It might be good for temporary solution, however, if someone sent that already then notifying is already too late.

·

some time people careless and not check properly

This is crazy. Good to know alot of this info for sure

Thanks for sharing. We need steemians monitoring this platform on all fronts for its continued success

Greetings @gtg !

I LOVE THT TITLE OF THIS POST!!! SO epic....I wonder how many get it????

I found this post to be a great and valuable contribution to our Steemit community!

You have done so much for this community and I want to help promote and support you with my new project.
I just posted a new episode of ~(~Q2C2~)~ and featured your post in hopes to advertise it and bring in more support!
Keep up the great work!
SteemON!!!
You can check it out here here if you like.

·
·
·

thank you!

Thanks

Excelente post

it's great

Informative

@gtg: Olórin, many have benefited from your insight and intervention, in confidence of your demonstrably benign nature I gave my vote for you as witness.

quenya word for strength


What is evident from reading this post, specifically the comments, is the following:

  1. People create a steemit account
  2. They find content they like & vote/comment
  3. They post things they like & hope for votes/comments
  4. They explore the cryptographic functions of their account & may end up stumbling blindly into PKI key exchange processes with potentially disastrous results
  5. There's a wealth of good advice & information in this thread, but it has to be dug rather than easily perused in a clear & concise manner

If you have the time to write it, I think many people would deeply appreciate an article with synopsis of the info & advice here, an account/crypto functions field guide if you like, perhaps with some screenshots to illustrate:

  • Your account/wallet
  • Keys & their uses:
    • Private vs Public keys
    • Master key
    • Owner key
    • Memo key
  • A list of resources (eg):
    • Account/key loss/theft assistance URL(s)
    • Account/key/blockchain health/search/summary URL(s)

It wouldn't need to be a thesis, just name the parts and state what they're for (and what you should never do with them). I'd certainly vote & resteem, & I volunteer to help with graphics, if agreeable.

·

Thank you :-)

Unfortunately there's no way that I can find enough time for writing tutorials or guides, but it's always good to look at quickstart guide and list of frequently asked questions and all resources that are linked from those pages. If there's something missing then it is a good opportunity to improve the docs :-)

Good insight. Unfortunately many newcomers jump in without reading up at least the basics of security. In crypto you can be your own bank - treat your holdings as such and stay safe - stay in profit.

You are good guys indeed! Thanks for being a good example to our fellow Steamians. You rack! rock! :))

Congratulations @gtg!
Your post was mentioned in the hit parade in the following categories:

  • Comments - Ranked 10 with 108 comments
  • Pending payout - Ranked 8 with $ 285,08

Great Key points... We should all be vigilant in corresponding to safe our stuff...

very informative post :)

@gtg

FYI - Just posted this article.

Analysis of Steem's Economy - A Social Scientist's First Impressions - Part 3/4 in the series.

https://steemit.com/steemit/@cyberspace/analysis-of-steem-s-economy-a-social-scientist-s-first-impressions-part-3-4

I may have not realized how much of a LOTR nerd I am until this post hahaha
I just re read my post about you and this post and I'm totally a LOTR nerd!
Hahahaha thanks for bringing that out in me!
Love you @gtg

I dumped the blockchain but haven't dig into it yet. I am really wondering what kind of weakness I will find!

Your follower :), and i like your posts. i see you also vote up ? @ronaldmcatee

thank you friend @gtg

That was a wake-up call for sure .

Is a bit surprising

I use my private key for steepshot app when it asked me. I should not do this?

·

As long as you trust steepshot. Also, make sure that this is your private posting key, which doesn't have access to your funds.

Applications should be written in a way that it does not send your key over the network at any point (as steemit.com site does that). That is, your key never leaves your device.

·
·

Thanks gtg. Yes that's right it was my private posting key. Thanks for the explanation

This is insane. I agree with @ackrai when he states that a lot of steemit users aren't familiar with crypto. I hope there's a way to improve security on Steemit and prevent things like this from happening down the road!

·

We are doing our best (witnesses, developers, community members, etc) but it's very hard to fight with human errors like this.

·

better safe than sorry is always great advice

I can see how this happens. Iread you can make a posting key, but I have no clue how to do it. Good reminder to me to look into it. Good job. Thanks for watching out for us. :)

·

You can go to your Wallet, then Permissions, then "[SHOW PRIVATE KEY]" to get current one (this is derived from your master password, but when you loose it - damage would be limited as an attacker would need to get your active key to deal with your funds)

·
·

That's cool to know. Thanks. There are certain experiences in life better left alone. Having to recover your account is definitely one them. Thanks for the info.

This is great info.
1st rule of steemit never lose your pass.
2nd rule of steemit never lose your pass.

It means you have to take care of it I guess.

·

lol voted you as a witness long time ago, and just realize it was you. keep it up my friend.

·
·

Thank you :-)

Most of those leaked keys are the private memo keys. People mistakenly used them in their bittrex transfers to their steem account. They should use the PUBLIC key that starts with "STM", not the private one starting with "5".

·

No, there's no point of putting there your public memo key either.

I am so pleased that there are caretakers within Steemit. You are a star and deserve to be a witness. Resteemed. :)X

·

Thank you :-)

Thanks @gtg

Sadly, it's really easy to do.

I didn't hit transfer but I accidentally dropped the key into the recipient field the other day.

Always double check before you hit send, transfer, post, etc.

Much Love to those responsible for #1181 change.

Hello good information, but for example what type of things weirds you referred

Gandalf for president!

haha I like the end video, keep it secret :D
well nice dude.

many hackers are tryng to hack be aware and keep your password and all in safe dont expose any where

Yo! Lot of these Steemit related apps are on the go, cant even make out which one to rely on!Every app looks fishy to me to be honest!
Steem Signature - Copy.jpg

THANKS @gtg for this article. Is there an article for newbies, where we can learn how to be on the surer side? I mean what can I do to have a good back up?

·

It's always good to look at quickstart guide and list of frequently asked questions and all resources that are linked from those pages.

Please read it even if you are not understand it fully at this moment. Later on there might something ring a bell so you could get back to it and re-read. Over time you would know more and more about the platform.

·
·

Thanks for the advice, I started with the etiquette article of @thecryptofiend, which is very useful. Will look the rest up as soon as possible! :-) I wish I wouldn't be such a computer noob sometimes :-D

Help me vote

What about using a mobile app like eSteem? Doesn't that have the potential to reveal the secret key to a third-party?

·

eSteem don't have access to any keys. Everything is signed on your device without leaving it, those signed transactions then broadcasted to websocket of user's choice. This model not only gives flexibility but choice to user as well in case of outage user can connect to any node they know/like. If you lost your password, we won't be able to recover it for you, because we don't access to them, only you and your device has it.

·
·

I did not realize before posting that there are different keys for the account. Now that I know I can use a posting key that I can change later if something happens, I feel a little more secure using an app with my key. Thanks!

Ok, no posting but when posting you do it epicly.
I find it hard to believe that people will post their owner keys in a public space, you have to be reaally distracted at the moment or have a gun aiming at you right? Unless hacked, how in the hell you end up _showing the owner key, copyiing it, pasting it in a public paste and click publish" ?

A few seconds later, a malicious user will take your key and replace it with his own. @naz722

·

Is that you doing that @gtg? It really does go to show how important it is to keep our keys safe and secured.

Great advice! Thanks my witness! I feel funny to be a minnow again

post a great can be useful can be used as experience .semoga be a friend who can help me in order to like you ..... to dream and hope in reach. like @sinta need dukugan friend. greetings esteem.

Wonderful material!.. Really it is so useful for me.. Keep up the good work.
Followed you and upvoted done.
Have a look into my blog, you may like any of my posts :-)