Steem Keys and Passwords - Full Guide

in steem •  2 years ago  (edited)

When you first register your Steem account, you're given your master password, a single complicated string of characters you need to remember to log in to your Steem account. However, in reality, your Steem account is protected by multiple keys/passwords which each have a specific purpose/usage.

For example, if you've been logging on to Steemit.com with that master password, you're doing it wrong! There are certain places these special keys/passwords need to be used for security reasons. This article will show you the purpose and usage of each of these keys and passwords. Let's dive in!

keys

Overview of Keys

This first section will include an overview of each key type. There are three types of keys on Steem:

  • Posting Key - The first and most used key type, used for posting, voting, and commenting
  • Active Key - The second key type, used for money/currency transfers
  • Owner Key - The third and most powerful key type, with the ability to change literally anything on your account
  • Memo Key - Used to read/create memos, this key is, for now, pretty useless and can be ignored

For each of these keys, there are two "classes": the public key, and the private key. The public key is, well, public, in that everyone knows your public keys, and they can't really do anything at all. Your private keys, however, are the secure/important ones that you need to keep private and safe.

This order (posting, active, then owner) is also ordered from "least secure/important" to "most secure/important."

Ideally, you should keep all of these safe and sound, but some services may require your posting key (such as auto-voting bots) so the posting key is the least secure, in that sense.

The active key is in the middle in terms of importance/security as it is necessary to move funds out of your account or deal with any of the Steem/SBD in your account. However, the owner key is by far the most important, because it has the power to reset every other key. The owner private key is the master password you got when you first signed up for Steem, starting with a P5.

How do I find these keys, if I only know my Master Password or Owner Key?

First, go to https://steemit.com. If you're already signed in, log out. Now, press "Sign in" once again, and log in with your master password.

After logging in, press your profile picture at the top-right corner of the screen. Then, press the "Wallet" tab.

Within the Wallet section, there are three different sub-sections. Click on the one marked "Permissions."

Now, you should be able to see four sections with QR codes and public keys. These are only the public keys for each section. To see the Posting Private Key, press the "Show Private Key" button next to the public key. To see the Active Private Key, press the "Login to Show" button next to the Active Public Key, then log in to see it.

You will not be able to see the Owner Private Key, because it's the most secure/important one and should be kept offline as much as possible.

In the next three sections, we'll go over each key and when you should use the key to log in.

Posting Key

The Posting Key is used for the least secure facets of the blockchain:

  • posting posts/articles to Steem
  • commenting/replying to another post
  • upvoting/downvoting another post

Not a lot of financial or irreversible damage can be done with this key, though you still need to keep it secure unless you want hackers or others voting/posting with your account. Some services, such as guilds, curation trails, and auto-voting robots may ask you for your posting keys.

If you're able to say with a reasonable degree of certainty that the website/service looks qualified, and that other users have used it without worries, it's generally fine to give them your posting key.

Lastly, I highly recommend you always sign into Steemit.com with your posting private key. Signing in with your master password or owner key works, but is not recommended because you can get everything done with just your posting key. Using a more powerful key puts that key at a higher level of risk should your computer get stolen or hacked.

See the last section ("Keeping Your Keys Safe and Secure") for more details on this.

Active Key

The Active Key is mostly used for financial aspects of Steem, relating to your Steem balances and SBD reserves:

  • transferring Steem or SBD out of your account
  • transferring Steem or SBD into your savings
  • placing orders on the Steem Exchange
  • changing account settings (such as your profile picture)
  • powering up, or powering down Steem

Not so coincidentally, these are the only times you should ever use your Active Key. No service should ever want your Active Key, because your Active Key controls all of the funds inside your account.

Furthermore, if you give your Active Key to a hacker or scam, they can easily and irreversibly transfer all of your hard-earned Steem and SBD out of your account. Don't let this happen.

Remember: if you're not doing something related to money (Steem/SBD) or related to changing an account setting, you don't have to use your active key.

Owner Key

The Owner Key is the most powerful and important key. It includes the "master power" and can do literally anything to your account:

  • everything the posting key can do (post, comment, vote)
  • everything the active key can do (transfer funds, change settings)
  • Master Power: reset every other key, including the owner key itself
  • vote for Steem witnesses

Every change or transaction that can be done on your account is available to the Owner Key, including everything the posting/active keys can do. Furthermore, the owner key is used to vote for Steem witnesses, who are the accounts who produce the Steem blockchain.

The "Master Power" of the Owner Key allows it to reset every key on your account, including itself. If someone gets your owner key, they can easily reset every single key including the owner key itself, locking you out of your account.

This is why it is incredibly important to keep this key safe. Every key should be kept safe and secure, but this one should be treated with an even higher standard of safety. You will never need to use your Owner Key on any third-party service, and it's highly recommended not to use it for Steemit.com either.

Keeping Your Keys Safe and Secure

Keeping your Steem keys safe and secure is highly important.

Sign in with Posting Key

When you sign into Steemit.com for the purpose of posting, commenting, or voting, sign in with your posting key. This is because in basically any worst-case scenario, attackers can't do much to your account.

Say you logged into a fake website pretending to be Steemit.com— even so, the hackers only got your posting key, so the worst thing they could do would be to post a spammy article to Steem under your name, or vote on a bunch of posts you don't like.

Say you had a keylogger or virus on your computer recording your password— still, the attackers can't do much (except post or vote without your permission).

Additionally, you can easily change your posting key if you know this happened, using the Key Change Process shown below.

Key Recovery/Change Process

It's okay to let a trusted friend or service handle your posting key, because it can't harm your account too much. However, if you lose your active key or owner key in the future, or believe someone else might have it, use this process to reset all of your keys:

  1. Sign into Steemit.com with your Owner Key. This is the only time you should do so.
  2. Click this link. Your address bar should read https://steemit.com/change_password.
  3. Follow the directions in the link to change your master password, thereby changing all other keys.

Cold Storage for Owner Key

Your Master Password (the original password you got when you signed up) is also your Owner Key. It should be kept in what's known as "cold storage", which simply means that it's isolated from the rest of the world and Internet.

The easiest way to do this is to remove it from all computers and electronic devices, and write it down on a piece of paper. Store that piece of paper somewhere safe and secure, such as a safe/vault inside your house.

Check Your Links

When you click on a link and see a website that looks like Steemit, check the address bar above. Do you see a green lock indicating a secure connection? If no, close the tab immediately. If you do, check to make sure the website reads steemit.com and not anything different. If it's similar but not exactly the same, it's still a phony.

If you ever enter your password on a phony website, make sure to reset your keys ASAP using the Key Change process above.

That's all you need to know about Steem's passwords, keys, and how to keep them safe. You now know exactly when to use each key, and what each key should be used for.

You can now consider yourself a Steem Key Ninja :)


Thanks for reading,
@mooncryption

image sources: Cover/Front Image, All Screenshots, Padlock, Post Mouse Button, Ninja, Paperstack, yoda, piggybank, First Key Icon

announcement: @mooncryption is now on other social media! Use the buttons at the right to find our various social media pages from Steemit to Facebook to Twitter!

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

it is good to know and use them wisely.

It definitely is.

You need to use the memo key along with your username to transfer steem from Poloniex or bittrex to your steem wallet.

Ah, I see. The memo key was originally designed, though, for encrypted/private conversations. The developers haven't implemented that into Steemit, however, so I guess those exchanges are the only uses for it now.

Ur banner is done :) It's in discord

Thanks! I've just added the banner.

@mooncryption this guide is excellent. It is exactly what people need to know about the different keys, and the most important, how to keep the accounts secured. Just upvoted. @gold84

Thanks for your comment! Glad I covered most of the things I wanted to cover :)

@mooncryption you are welcome! Will continue reading your future posts. Your upvote back is also appreciated. @gold84

Upvoted :)

Appreciated @mooncryption upvoted your comment too! @gold84

Super helpful and informative. Voted up😊

Thanks!

Upvoted on behalf of the dropAhead Curation Team!
Your post will be Resteemed by @dropahead witness account of the dropAhead curation team!

Watch out for the #xx-votesplus tag!

Do you want more earnings?

By doing the above you will give us more STEEM POWER (SP) to give YOU more earnings next time.

Keep up the good work!


Most recent post: Moving #25_votes_plus to Discord

@resteem.bot
Resteemed to over 5000 followers and 100% upvoted. Thank you for using my service!
Read here how the new bot from Berlin works.
@resteem.bot

Calling @originalworks :)
img credz: pixabay.com
Nice, you got a $8.79 @minnowbooster upgoat, thanks to @mooncryption
Want a boost? Minnowbooster's got your back!

The @OriginalWorks bot has determined this post by @mooncryption to be original material and upvoted it!

ezgif.com-resize.gif

To call @OriginalWorks, simply reply to any post with @originalworks or !originalworks in your message!

To enter this post into the daily RESTEEM contest, upvote this comment! The user with the most upvotes on their @OriginalWorks comment will win!

For more information, Click Here!
Special thanks to @reggaemuffin for being a supporter! Vote him as a witness to help make Steemit a better place!

Nice work. Good guide

Excellent post what i was searching thanks @mooncryption !

I'm glad it helped you!

This post was resteemed by @resteembot!
Good Luck!


Curious? Check out:


The @resteembot users are a small but growing community.
Check out the other resteemed posts in resteembot's feed.
Some of them are truly great.

This post was resteemed by @resteembot!
Good Luck!


Curious? Check out:


The @resteembot users are a small but growing community.
Check out the other resteemed posts in resteembot's feed.
Some of them are truly great.

@angelschu this is one of the first most important things for you to know about protecting your hard earned STEEM!

@cmtzco has voted on behalf of @minnowpond. If you would like to recieve upvotes from minnowpond on all your posts, simply FOLLOW @minnowpond

Intresting post..a upvote 4 u..plz check my posts also

Thank you for this information. Just what I needed as I am new on steem

glad you wrote this..resteemed and upvoted 🐋

Thanks for your comment :)

Thank you . Good article .

For two months I went in with the key given during registration. Now with a private key for publication. How to understand hacked or not?

how can i recover my password . i didnt save my password so i can't log out my account now . help me.