After the big July 4th payout many people's accounts suddenly have tens, hundreds, sometimes thousands of Steem Dollars in them, and thousands of Steem Power too. In this post we're going to learn how to make a new, very secure owner password for our accounts. I'll explain why this is a good security measure, take you step-by-step through the process of creating a very secure password and updating your owner password to it. I'll then touch on what to do with the password or key once you've created and updated it.
See this post for more info about the different Steem account keys.
from Zelda Boss Keys (buy)
The owner key
Your owner key gives full control over your Steem account. Its user is able to post, vote, transfer funds, and change all keys including being able to change the owner key. Notice I said "its user" and not "you"? Because if someone were to get your account or owner password, they can change all the keys and take your account and whatever it is worth for themselves. The owner key is meant to be used basically only if necessary, and otherwise written down/etched in stone and put into "cold storage," a crypto term for keeping your keys off of running or internet-connected computers.
If you have an account registered from Steemit (you registered through Facebook or Reddit), and you haven't switched to logging in with a posting key yet you are probably logging in using a long password that Steemit required you to make. If you haven't made any changes to your keys yet, this password controls all aspects of your account and includes the owner key.
Let's change it
I hope that is enough to convince you that logging in with your original password is not a good idea, at least not until you've changed your owner key.
WARNING: Take this seriously, do NOT lose your new owner password
Before we go further, I need to say that because the owner password is the master key for your account, if you lose it you will not be able to change the other keys if they get compromised and changed on you. Once you make the key, and especially after you've updated your account to use it, you need to make sure it's safe, secure, and won't get thrown out with yesterday's grocery list.
Step 1: Make your new owner key or password
To create a super-secure owner password, we are going to use Diceware (Wikipedia).
Diceware™ is a method for picking passphrases that uses dice to select words at random from a special list called the Diceware Word List. Each word in the list is preceded by a five digit number. All the digits are between one and six, allowing you to use the outcomes of five dice rolls to select a word from the list.
Each Diceware word gives 12.9 bits of entropy and because we only have to do this once, we're going to crank those dice all the way up to 20 words for 258 bits of entropy. Diceware is fairly simple and straightforward: get a single dice (die, whatever), roll it 100 times (5 for every word), recording the result 1-6 on a notepad each roll, then looking up what word corresponds to your 5 rolls from a wordlist. Follow the instructions from Diceware's page (scroll down to "Using Diceware") for more detail. You will end up with 20 Diceware "words." If you wrote the words down in your computer, print a couple copies, and perhaps save to a USB backup drive (not a local, always on disk).
Step 2: Secure backups!
Now it's time to backup that new owner password offline, on paper, USB, DVD-R, Incan knots, etc. I'm going to pass this one over to @steempower who recently wrote a good guide to diligent backup:
Don't take it lightly. Should you ever need it, you'll want to make sure you'll have your owner pass or key well into the future.
Once you've updated your owner password or key you can not change it if you don't have the new one! So imagine a worse case scenario where as soon as you hit the Save button your house burns down. Before changing the owner key make all of your backups, including even offsite. Procrastination might be your downfall, so it's prudent to do this before going further.
Step 3: Update your owner password
Ok, you have your new password and it's backed up in multiple safe locations, not on a piece of paper hanging precariously over the paper shredder? Great, we're set to update your owner password.
Go to https://steemit.com/@youraccount, putting your account name in the URL where appropriate. Then click the Permissions tab.
Then carefully click the third pencil icon down, next to the owner key line, as shown below.
Type (carefully!) or copy and paste (paste into a viewable text editor first to make sure you have no preceding or trailing spaces though, important!) your 20-word Diceware password into the boxes. Also be aware that spacing and capitalization matter too! Every character has to be entered verbatim when setting it and identically when using it. So make sure your hard copy of the password is explicit with spacing and capitalization. Once done, hit Save, the spinning icon will spin just long enough to put a small sense of dread in your mind, but then you'll get the green text and you'll breathe again.
You'll still be logged in with your original password, and you'll see that you cannot show your owner key anymore. Success.
Then if you were to log in with the new owner password, which you don't need to do at all, you'd see you could edit all the keys, including the owner.
Backup, backup, backup!
BUT WAIT, THERE'S MORE!
Step 4: Make and log in with a posting key or password
Now that you've got your owner password securely backed up, you can move on to posting securely by only logging in with a posting key. I'm going to pass the buck again, this time to myself:
Your original 16+ character "master" password will still work as a memo key and active key. Remember the active key that your master password controls can still do a lot, including instantly transferring your Steem Dollars and STEEM tokens and less-instantly powering down your Steem Power, so keep it guarded as well.
To reiterate, many of the Steem accounts most got for free are now worth much more so be diligent in protecting the value your account holds. Create an owner key to be used for cold storage, make sure it's properly backed up so that you'll have it forever, and always log in with your posting key unless doing something with your funds.
If you found this or my other posts helpful, click here for my blog page and hit the button in the upper right!