How did you just log in?
And so it happened, my brother in law @knightly who has been here for some months now, mainly as a quiet account who wanted to speculate on the who crypto craziness. He bought some tokens to give it a whirl, made some posts, and soon learnt that he could put his SP to work passively.
Being someone who has very little time to blog himself, he decided that this would be the best move. Maybe because of that, I did not explain some basic things, and maybe that is my fault.
Today, he logs into to his account and we see that all his liquid funds, the one's he had been collecting from his small delegation are gone. All gone, seven days ago to be precise.
The thief or thieves, because it could be more than one, even tried to power down the account right before it stole the funds. I think he/she gave up because it was going to take too long to extract the amount, and maybe it was not worth it.
We are sitting there scratching our heads, How did this happen? How would anyone have access to the account? Of course, right away I made him change the master password, safeguarded and what have you, and then he logged back in, and then I noticed it.
"How did you just log in? with the master password?"- Yes, that is a big and I do mean a big no no. Now, I still don't know how the active key got copied, or if the master password was compromised. I doubt it, since they would have changed the master password right away, but it reminded me of this little security tip we must all know.
Never and I do mean never log in with your master password. Use your posting key, and then your active for financial transactions. In other words 99% of the time you should be using your posting key and that's it.
So, lemme ask you... How did you just log in?