RE: How are you login in?

in #steem 6 years ago

This is really important, but why should we have to evangelise this to fellow Steemians? Steemit Inc is actually being negligent on this by providing a loaded footgun to users.

When you design a user experience, you should design it in a way that discourages insecure practices. There is a proverb that goes "you can lead a horse to water, but you can't make it drink." A corollary is, "you can't prevent a suicidal horse from dehydrating itself, but you can make it wait by the river until it dies."

The fact that the Condenser application even allows logging in with the master password is negligent as hell. When generating their accounts, new users should be instructed to write their master passwords down and never use them again... and if they try, it shouldn't work. Extra points for forcing them through the password reset workflow after detecting the activity.

Crypto can't go mainstream until we make the necessary security practices understandable to Average Joe. We need to expect as little of Joe as possible. We need to assume that he's not only stupid, but actively acting against his own interests, because social engineering makes that not only possible, but probable; not only probable, but inevitable.

Then, we need to do what we can to empower him (in a manner as brain-numbingly simple as possible) to protect himself from himself.

I may make this into a post later. Without cooperation from Steemit and a massive security awareness campaign, an extremely large portion of the Steem userbase, possibly even a majority, is headed for complete disaster. We are one keylogger epidemic away from a mass extinction event.
