The last weeks I saw some worrying things on Steemit regarding hacking of peoples accounts to steel or transfer the Steem and Steem dollars. So I would take this opportunity to clarify some Security related things about Steemit and what you can (or must) do to stay as safe on Steemit (and other sites) as possible. There are a lot of new Steemians entering this great platform everyday, so this would be a good guideline and explanation about safety and secure Semming :)
Within Steemit passwords and keys are more or less the same. You have 4 keys/passwords with your account. Those keys/passwords are all generated when your account is created.
The posting key is used for posting and voting.
The active key is used to make transfers and place orders in the internal market.
The owner key is the master key for the account and is required to change other keys. You have to keep this keep as much as offline as possible because it has the control over your account.
The memo key is used to create and read memo’s
The posting key is, like it says, the key used to post, comment upvote or follow other accounts. You can use (or must) this account for the most part of using steemit. Other keys aren’t necessary and are even dangerous to use in case they got compromised, so it’s good to teach yourself to only log in steemit with your posting key.
The Owner key
With the owner key you are in charge of your Steem account. With this key it is possible to post, vote or transfer steem and steempower. With this key it is possible to change the owner key to another key so this is a pretty important key and you have to be very precautious with it. If this key comes into the wrong hands it is possible to empty your account totally. Advice is to store this key offline and don’t keep them on a place witch is connected to the internet.
The memo key is implemented for future purpose and isn’t used yet.
Steemit password risks
In the previous part I have written which passwords or keys there are in Steemit. In this part I want to tell a little about the risks that goes with it.
With your owner key a hacker can take total control over your account and so change the other keys or transfer your hard earned Steem and Steem dollars to his own or another account, pretty risky. So it’s the best not to leave your key in a file on your lap- or desktop which is connected to the internet. Because when a hacker can compromise your computer, he then has the keys.
Last week there were several accounts compromised on Steemit, the exact cause I don’t know, but these compromised accounts where used to comment on people’s post. In those comments was written that the particular post was plagiarism and there was a link to another post. When you clicked the link and then hit the back button in your browser, you got again a login screen for steemit. In real, it wasn’t a login screen from Steemit but a phishing site to get to your owner key to get to your steem..
If your account is compromised you have 30 days to recover your own account from the moment it was compromised. This can only be done on steemit.com and you have to know the most recent password/key.
Password security advise
- You should use the different keys for its purpose. Although it is easy to use the owner key for all actions, it is also the most dangerous because if someone compromises it, he/she is owner of your account. When you use your posting key to login in that’s fine. You can’t make any transactions with it, but you can upvote and post your posts. With the active key you can make transactions, power your steem up, power your steem down and transferring your steem.
- Store your password never online unencrypted, it is better to do this offline on a local PC at home. When you think somebody is logging in with your account you should change the password, when you do that all the other keys will change too.
- Malware can compromise your Windows computer, when It does it is possible for hackers to watch everything you do on screen and scan your file system, or even install key-loggers which saves all your keystrokes on your keyboard. You can imagine what they can do with all that information, that is not alone about steemit. SO make sure you have malware protection installed on your computer and that you update it regularly.
- Backup your keys in offline backups and make sure you save those saved over multiple locations so when a disaster strikes, you still have your account information on another place.
Feel free to resteem this post to reach as many Steemians as possible to bring the risks to their attention..