I Finally Started Posting Using ONLY The Posting Key – after realizing that the stilling attempts are real
I joined Steemit couple of months ago and I was overwhelmed by it. Started learning and reading about everything that this platform can offer. And there was a lot of things. I also read about the passwords that Steemit had.
source
I knew that there were three types of passwords, but I never dig into it. I was thinking, common I have nothing yet in the wallet, no need to take care of it. And I continued my journey on Steemit without taking any precaution about it.
Now I have put some effort into my account, and it is not worth much, but still I don’t want it to be lost. It has a personal value for me as well.
Changing the password and start using the passwords properly was in the back of my head. And then couple of days ago I saw this scam alert form @arcange who put a post about a fishing attempts with comments that have images.
Here is the post:
https://steemit.com/steemit/@arcange/phishing-attempts-are-running-and-use-fake-comments-with-images
They are trying to take your pass, so when you click the image in the comment it is redirecting you to a fake Steemit page and say that you need to log in again. And if you put your pass, then they have it.
Now a little bit about the passwords or keys as they are called, for those who don’t know.
There are three types of keys, owner, posting and active key.
With the owner key you can do everything, posting, commenting, voting, transferring funds. Also, you can change the other keys.
With the posting key you can post and vote. And with the active key you can transfer funds.
So, image the fishing attempt from the link above was successful and got my key.
Lets see what would of happen if the fishing atempt was succesfull.
If I used the owner key, and they got my key, that would mean the end of my account. They could change the other keys, including the owner key, and the account and funds would be lost forever.
But if I used the posting key, they would get my key, but all they can do is post, comment and vote. This is not something that any thief wants, they want your money. All the damage that can be done here is couple of junk post and comments and maybe drained vote power. I would notice that somebody is doing this and change the posting key, and I will be safe again.
If somehow, they got my active key, and this one you should use on a rare occasions when transferring funds. They can transfer the available liquid funds, but not the steem power. Since steem power need weeks to be liquid. Again, I can recover my account here, but maybe without the liquid steem and SBD. But yet again, the active key should be used only when transferring, not when logging, so the possibility of fishing the active key is much lower.
Now I have put some time in my key management, copy the posting and active key on the phone, and in the cloud, so I have them with me all the time. But the owner I have removed from any online and computer storage file. I have printed out in two copies and put in two different places. Also I plan to change them on regular basis.
This is a little bit more complicated system that the users are know to, but a clever one and effective one. Having different function on a different key allows to split responsibilities and lower the risk account abuse.
In the end, the Steemit rules:
The first rule of Steemit is: Do not lose your password.
The second rule of Steemit is: Do not lose your password.
The third rule of Steemit is: We cannot recover your password.
The fourth rule: If you can remember the password, it's not secure.
The fifth rule: Use only randomly-generated passwords.
The sixth rule: Do not tell anyone your password.
The seventh rule: Always back up your password.
All the best
@dalz