Incorrect Password — Steemit

Incorrect Password

in steemit •  2 years ago


this is me right now

Incorrect Password

This post is to draw community attention to a black hole in how steemit recognizes people. I no longer have access to my account named @jlwkolb, and I don’t believe it is my fault. The bottom line is that I want my account back. I followed all recommended practices, including generating a very strong password and carefully storing it in a secure password keeper.

I hope that the steemit community can get behind me on this issue and put some pressure on those who run steemit to help find a resolution. I believe I will not be the last individual who will experience a technical issue not of their doing that prevents access to their account.

I have spent a lot of time trying to regain access to my account on my own. In the process, I have befriended individuals with significant technical knowledge of steemit and security in general.

The most helpful among them have told me that they have seen no holes in my approach to security or managing my passwords. In fact, they have praised me for my use of a strong password keeper, keepass, to generate and store passwords.

I joined steemit on July 7th at the suggestion of my friend @stellabelle. I made my password 16 characters as required. It worked fine for just over a week and then a hacker compromised steemit.com. Although my account was not hacked and my password still functioned, the steemit website instructed that I change my passwords. I did this on July 17th and again on July 19th, the second time being a result of worry that I had not made my passwords strong enough previously.

After these changes, I continued to access my @jlwkolb account without issues for two weeks. Anyone can verify this by perusing my posts and voting activity between July 17 and August 2. I was even able to transfer 7,000 steem dollars to @poloniex on July 25.

On July 25, I made a new account called @fairytalelife to re-brand to a name that is a little more memorable than @jlwkolb. At this time, @jlwkolb was working fine. I had been using @jlwkolb in the Safari browser so I decided to use @fairytalelife in Chrome. The motivation was that I wouldn’t need to log in and out of accounts on a single browser because @jlwkolb was still an active account at the time.

I never signed out of Safari except once when a browser crash did it for me around July 30. After the crash, I signed in normally with my posting key password from keepass and everything worked fine.

The trouble started when I tried to transfer steem dollars to poloniex on August 2. Suddenly I was prompted to enter my active password. To my recollection, this step was not required when I transferred the 7,000 steem dollars on July 25. But I thought to myself, “no problem, I’ll go to my keypass account and put it in.”

Incorrect Password.

Oh no!

I tried the posting key password once again. It had worked before, so I thought it should work again.

Incorrect password.

Now it seems I am locked out of my account.

What? Nooo! Go back! Go back!

My active password doesn’t work. Incorrect Password. My posting password doesn’t work. Incorrect password. The owner password doesn’t work. Incorrect password.

Now I’m nervous. I have about $23K worth of steem power in my account. And now I’m out of luck? I did everything right. I wrote down my passwords both in a secret notebook and stored them in keepass.

I tried account recovery.

Password not used within 30 days.

It hasn’t even been 30 days! I joined July 7th!

I now have to accept that my account is frozen and I am unable to access it with a password lost forever in the blockchain?

After the above mentioned hack, everyone was assured that their accounts would be returned to them. It may have taken a while, but I know all accounts were recovered and reimbursed, including @ned, @dan, @dantheman, @bitcube,@stan, @stellabelle, @norbu, @wingz, @rok-sivante to name a few. The expertise I have consulted told me also that, before steemit, account recovery in crypto was unprecedented. The size of some of the accounts lost in the hack meant that new policies would need to be written.

I think it’s good to have victims with enormous pockets so this kind of helpful precedent does get written from time to time. I get it.

But I also think that less wealthy victims are worthy of the same types of consideration. $23K may not be big money to many who read this article. But as a mother trying to raise four teenagers, it is a lot to lose because of a technical error—a technical error that neither I, nor anyone else I have consulted, can determine is my fault.

I love the work I do here on steemit, the new friends I make, and the vibrant community of talent. I interact daily with the community and contribute content that I feel adds value to the steemit ecosystem. But I can’t let go the rewards I worked so hard for without a fight.

Although the financial aspect of the rewards is terribly important to me, no feeling on earth comes close to being fairly compensated for the work I do. In a way, I fight most of all for these feelings of appreciation and justice.

Of course I will continue contributing to this social experiment that I see profoundly changing lives. But like anyone, I also need access to the funds I have earned because I have bills to pay. I seem to be locked from my account because the high security passwords I created and saved suddenly stopped working. I believe this is a machine error that had something to do with how the steemit website worked when I set my passwords after the website got hacked.

Machines have their place but they are no substitute for people. Sometimes humans need to intervene to help other humans rather than relying on some sterile mechanism of technology. We can’t just shrug our shoulders when someone on our team is locked out of an account through no fault of their own.

There must be a way to unlock my account through human intervention. Nothing is impossible—inconvenient, maybe—but not impossible. I understand that steemit wants wrongful transfer of an account to be difficult and to minimize the workload when users casually forget passwords.

But I have not been careless or foolish. I had everything covered according to best practices. After the hack, I downloaded keepass and changed all my passwords. I wrote them down in my secret notebook. I copied them in secure files on my hard drive.

A glitch in the system must have happened when the user interface was changed, and now it seems I’m out of luck. Incorrect password? I don’t buy that. With all the skills in the steemit arena, someone must be able to authenticate me. @jlwkolb is my account. I can prove with government issued documentation that I am the person in the pictures and have lived the life described in the posts. Aliens have not dropped a bodysnatcher to impersonate me. This work has never been posted anywhere online before.

The posts in the account and the rewards they earned are the result of my hard work—and now I must accept that my efforts are lost forever?

Illustration © Johanna Westerman 2016

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

You may have tried this already but I'll explain an option just in case.

Unless you're trying to verify a transfer, when logging in with your active key you need to use "jlwkolb/active" as your username in the login dialog.

Also please take into account that there's a bug related to the "remember me" button, which makes it so that if you click it after having entered your username you will need to re-enter your username. Even though the input field still shows your username, the code no longer knows it (this is the bug).

·

@rainman coming in with the signature alley-oop helpful tip of the day wooo. i def have experienced that remember me issue before as well.

The account owner authority on the account was updated twice, which means you may have up to 3 passwords which could be used for recovery. Any owner key or owner key password going as far back as July 14th would allow you to recover the account through the account recovery form.

Last I heard, you were looking for your original signup password. Have you had any luck finding it?


If none of your passwords work:

  1. How did you generate each one?
  2. Are there any passwords you set by typing in manually?

If you entered in any passwords by hand (i.e. without copy and paste), it's very easy to be off by a character. If it was written down, it's very likely at least one letter was written (or read) incorrectly. If that's the case, the good news is that it may be possible to brute-force. If you know that one one of your passwords is off by no more than 1 or 2 characters, a trusted programmer can help you brute force the password.


Please note, the fact that there are any recovery tools on the STEEM blockchain is a big step forward. This is what can happen in the blockchain world when you lose your private keys: $7.5M Bitcoin fortune buried in landfill. This unforgiving rigidness may be alarming for the average user, but it must be carefully balanced with censorship resistance, because the power to recover is the power to control. So it is important to be very conservative in this respect, though I do expect the team to keep making strides in recovery methods.

There are two possible problems:

  1. your password manager messed up (has happened to me before)
  2. something on our side changed that is causing it to not derive your keys

Assuming you have your passwords then we should be able to fix any bug with deriving the keys.

Future Password Recovery Options

We recognize that people are use to being able to recover their passwords when they are lost. People who are use to cryptocurrency know that this isn't normally possible. We have a proposed solution to this here:

https://github.com/steemit/steem/issues/240

Unfortunately, it will probably be opt-in which means this future solution may not be able to help you.

You can contact me, dan at steemit.com, and I will try to get to the bottom of things.

·

I hope that this can be resolved. $23K is definitely not a little loss.

I wonder if @dan and @ned have considered another way of logging in and confirming withdrawals that could be both secure and user friendly.

·

Has Steem recently started sanitizing username/password inputs in a way different than before the hack?..

Just a thought.

·

Any chance that if they used the same exact password to create the new account, that they may have generated the same public / private keys as their first account uses, effectively nullifying that old account? I remember one other user a month or so ago had the same issue as this person: everything worked fine, until they created a new secondary account. I think I recall that other user said they used the same password.

·
·

As far as I've seen there's no issue with key collision between different accounts.

·

I hope on the future, there is better option to recover lost password

@fairytalelife Very sorry to hear of your problem. I think I had the same issue that you are experiencing. Shortly after the updating of the site after the hack, my password become in effective. I reached out to @pfunk on slack and he walked me though how to recover access to my account. I was quite technical and I had to use one of Xerox's new tools to enter my password and have it produce the associated Keys for entry. .....for some reason the password would not work, but the keys were there and worked perfectly! Big thinks to @pfunk ! I'm thinking that you have the same issue. I know the very minimum of the technical stuff, but if you want to jump in SteemChat and send me a DM maybe we can get @pfunk to walk you through the same process. Minewhile I will try to find the notes I took and post them.

EDIT: I just sent a DM to @pfunk. Hopefully he will see this post and confirm if it is the same issue.

EDIT: If I'm not mistaken, this is the tool that we used to resolve the issue (thanks @xeroc ):
https://steemit.com/steem/@xeroc/paperwallet-easily-secure-your-account-with-steem-paperwallet-generator

I had nearly the exact same experience. There must be some kind of bug. I created a pseudononymous account using a Reddit login. A couple day later I created this account from which I am posting now using a Facebook login. All worked fine for a couple days. And then suddenly it started telling me Incorrect Password on my first account. I KNOW I'm using the right password. Like you I saved in in a password keeper. Plus I memorized it.

There has to be some type of bug when people register multiple accounts from the same computer.

Anyway, if you figure it out, please let me know. I will do the same.

·

My simular experience happened with only one registered account on Steemit

The post title is just begging me to do this, I can't help it.

·

Brilliant! I have to go change all my passwords to this right away.

PS Don't tell anyone I'm changing my password to this... It's our little secret.

Quick question... the active password youre using... what does it look like.? Does it begin with the letters 5K, or is it P something (like the ones generated by the site)... or is it one you made up yourself? I think i know what the problem is and its fixable with the CLI wallett. To make sure i understand though, none of the PWs you have even work to login?

·

Further explaination?

I've had this happen at other sites to me, but they all allowed me to change the password as long as I could authenticate (verify) that I'm the owner of the email that was used to sign-up for the account in question.

I too use KeePass (KP) and write the password details down, triple and quadruple checking to make sure that I write them down correctly and that the password stored in KP is the one that's stored with the site as the password being used with my account, so I knew for a fact that I wasn't in the wrong in all cases.

I really hope that you find a resolution that will at least get your monies back.

I think something like a "2 factor verification" like Coinbase uses would work perfectly for Steemit. Make it so that you have to verify both that you own the email associated with the account and the phone that is associated with it (by texting the big string of numbers that they send to that email in order to verify your identity). I don't know how something like this could be coded into Steemit, or if it can even be done, but I know for sure that it would give Steemit users much greater peace of mind knowing that they have that as an option if the shit hits the fan.

I don't think that it's too much to ask from the developers that there should be some type of fail-safe built into the system of users and passwords, just in case something like what's happened to you occurs. Based on my experience, these weird kind of situations pop up a whole lot more than we'd like to believe that they should (ideally, never), so it only makes sense to have that fail-safe, especially with such high investments being placed into this and what we all hope to be future investors with big pockets.

·

Thanks, @jamesbrown. Me too.

·

Very much agreed. I can't believe they don't have a 2FA system in place. I'm new here and have been reading all this. Makes me wonder.

It is a sad story. But I see that the community is listening and changing.

Im really sorry to hear you are going through this! I had the same happen to me, but then i realised the passwords were different and luckily I took a pic of my original first password and it worked, but i was locked out for a week! I hope they will help you to sort this out, because I know how horrible it must feel :(( I've been in your shoes!! Good luck xx

·

Thank you, @allasyummyfood. It's crazy making at its finest.

Hard fork the blockchain to fix this!

Thank you

Since you're on a Mac, you can try my new app, Steem Pressure, and see if it's able to recover your keys. It supports account import via Steemit password as well as WIF key. You can find the source and Mac binary here. Good luck!

·

Thanks, @modprobe. I read about your project earlier - very interesting.

It is very sad
I hope you all will be fine

Steem has an account recovery mechanism. Send an email to support@steemit.com and put contact@steemit.com in CC. If you don't get a prompt reply, create an account on steemit.chat and chase @ned . Ned isn't very available and it can be difficult to get ahold of him. If you don't get a reply within one or two days, don't hesitate to reiterate. Good luck!

hmmm. That is interesting. I guess the first question to ask, is: when you reset your passwords, did you change your 'password' or did you individually reset each of the keys? There was a transition period, I believe where it stopped being able to reset keys individually, and as far as I know, now you only have the option to reset 'password', which resets all the keys. Forgetting about transferring funds for a second, are you able to log in to steemit.com using any of your keys/passwords that you have saved? I'm sure that this will get resolved.

·

Thanks, @trogdor. I hope so. I tried that too to no avail. And a few more times for good measure.

·
·

You mentioned that you used Safari for your other account. Did you have Safari save your password, or did you just click 'remain logged in'?

·
·
·

Safari saves my password, but usually I stay logged in. I had logged out once or twice but was able to use the password in keypass to login (to avoid that hassle, I tick "remain logged in"). The mess happened when I was prompted to enter the active key for a transaction while in posting mode. Then I was logged out of everything like a fuse blew.

·
·
·
·

One thing you might want to check is to view which password Safari has saved, and see if it matches a key or password that you expect. Another thing I would try is to just try logging in with every other password from your KeePass. It's easy to accidentally copy the wrong password when you're using KeePass sometimes.

If you get your account back will you give to charity the $2k you've made from this?

well, you don't lost all, with this post you recover all or part .... be happy and think that I get nothing with 40 posts....

Also, at the expense of possibly being considered "spamming" Steemit, I suggest that you re-post this at higher traffic times on Steemit, like 3:00 PM Eastern Time on weekends, to catch more attention. Maybe you can get the right eyes to see it.

·

No need to repost, we see it.

·
·

@dantheman, have had nearly the identical problem. Actually...identical. If you figure out a solution for @fairytalelife, please let me know too. I signed up initially using a pseudononymous account via Reddit. Then I created this account using Facebook. All worked fine for a while, and then the password for my first account stopped working. I'm absolutely certain that I'm using the correct master password for the first account.

I think there is some sort up bug when people register two accounts via Steemit.com using the same computer. Perhaps it's just an issue with deriving the keys on your end?

Anyway, hope you solve it. Thanks for working on it. We are all grateful for your efforts.

bookmarking this

IF you HAVE your KEYS, you can manage your account ! The truth is not so simple ! (Using python)

·

That's the big mystery, isn't it?

·
·

No. I just cant explain that in 2 sentences.
You need some linux, debian or ubuntu. Install python3 + some few libs.
Then you need upgrade pip to version 1.8.2 and theeen install piston-steem libs using pip
After all this shit you can create program, using python. You can upvote, downvote and even powerdown and then transfering steem to another account. So. Not all is lost.

Sorry for my English, it's sucks.
This is a very brief explanation .

Every time I see a post like, even though each one is different- I get the message that I need to reexamine my password usage. I look forward to the future opt-in recovery though.

You can report steemit.com issues at this link. Did you use the same password as your first account? That may have messed with your old account, IF they have not made sure newly generated public / private keys (based off your password) are never replacing pre-existing keys on pre-existing accounts.

@fairytalelife this password recovery issue is gaining popularity especially within a hybrid social media/cyber currency platform. I am impressed at how knowledgeable you are in all things steem. I like your image but why does the caged bird sing?

·

@quackenbush, thank you. The caged bird is trying to get out. Read Aesop's "The Linnet and the Bat fable."

Wow. Unpleasant story. Did you tell Ned or Dan about this? It seems they have the keys to all the doors. You really do a great contribution. Your posts always take the top. And I personally like them very much.

In any case, Johanna, thanks for this valuable information. I will be more careful. And sure others will make their conclusions as well.

Do you use https://steemit.chat ? You could contact developers easier, I think.

·

Thanks, @omfedor. That is so kind of you to say.

It would be nice if they had something like coinbase where you log in with your password and then receive a text with a code to enter for double verification. Seems like that would help secure the accounts.

·

yes, definetely.

Hope you get this resolved ,sounds like you are far more tech saavy than I

really? I feel pity on you, because you work hard for it. you spend much efforts to earned it, and Thank you for sharing this to us, this could be helpful for us beginners to be aware on the negative possibilities that may occur if we can gain also higher ( $ )in our wallet.

The problem with this is that you are asking for a centralised authority figure to grant you the grace and use his ultimate superuser access to break into your account and restore control to you.

In a decentralised, immutable and censorship-resistance system, this is a big no-no.

The Blockchain systems have always been advertised on how ONLY you can access your assets with your private keys and no one, not even the creator, can get at your funds or content. This is the debate that almost torn Ethereum (another up and coming Altcoin) apart - should a network be changed to fix something outside of its working protocol?

It's the same with Bitcoin. If good grace can be offered then tens of millions of USD would had been reversed after the MtGox and the recent Bitfinex hacks. That did not happen and for good reasons too, because if Bitcoin offered the core dev the ability to change the transaction history then US government could always force them to revoke a wallet and BTC will be useless (e.g Wikileak survived on BTC for a while).

Yes, glitches happen and codes are heartless and cruel, but this is the essence of Blockchain tech. And if it weren't so, then there would not be any point in the first place.

I just hope you and others understand this.

·

I'm sorry but trying to compare losing your password to the DAO and MtGox is just so wide of the mark. Both those instances were due to a hack, stealing funds.

Whereas this is somebody who has lost, corrupted their password, nobody is asking for a hard fork here, just a little help and compassion.

Cg

·
·

Actually, I am not entirely sure on the technicalities here. When we key in the WIP, are we interacting with the Steem Blockchain directly? Or is our log in recorded by the Steemit forum first before we are connected through to the Steem blockchain?

I thought one of the main rules in setting the password is that it can never be recovered, EVER. Even if the @Dan and @Ned tried.

The situations might seem different to you but it the same to a immutable network designed to lock out anything other than a valid private key.

I am just explaining my interpretation of the Blockchain.

23k is already a fortune in my country.. Hope the experts in steemit or the goodguys in tech & cryptocurrency world can provide u d help u need to recover ur funds..

@fairytalelife, I really feel for you and I do hope, every so dearly, that you do manage to work out what your password is. However I feel, for the benefit of the community, that I need to explain something about cryptocurrency.

It's really important in the land of cryptocurrency that passwords remain completely secret. Cryptocurrency passwords are not like regular passwords. Regular passwords just keep you locked out of some service, but cryptocurrency passwords, as you know, can be used to transfer funds.

Anyone who has a cryptocurrency password could spend your funds and although a system administrator could, in principle, keep a copy of it this is not a good idea from the system administrator's point of view. If the site was hacked the hacker could spend everyone's funds. This would destroy the Steem community in one fell swoop.

You wrote that: "There must be a way to unlock my account through human intervention. Nothing is impossible—inconvenient, maybe—but not impossible".

I can understand where you are coming from but in the land of cryptocurrency this isn't the case. In fact, if this were true then cryptocurrency wouldn't even work as a concept. If it were possible to brute force the password then people would try to steal large sums of money and it would be worth the effort.

Actually, technically you can brute force a password but the idea is that it would take longer than the age of the universe to complete, thus rendering it "effectively impossible".

Once again, I must say I truly, truly feel for your plight. In the early days of Bitcoin one individual lost their "password" (aka private key) and literally lost millions of dollars.

I do believe that the cryptocurrency community needs to look into a solution to this problem but
currently that solution has not been found.

I saw some very helpful suggestions from the other people who replied to this post of yours and I think some of them may well work. If they don't then perhaps, we as a community can make sure that we just up-vote @fairytalelife's posts until she recovers the $23K she has lost.

Good luck!

"It hasn’t even been 30 days! I joined July 7th!"
Um, no: it has.
Today is 8-10 - 31 days.
Your post was made 15 hours ago -- 30 days.
It's exactly 30 days when you made this post.

wow this is a problem, I'm so glad you've posted and received so many helpful responses, hopefully something will work for you.

This just happened to me tonight, though I am back in. There password crap thing is confusing , so apparently if I can remember my password it's "unsecured" according to their site, but then that forces me to keep my password copied, so I am copy n pating away, that doesn't at all seem secure. And tonight this Steemit has been asking for my password to do everything, to change my picture I need to re-input my password?! Anyway, it started saying that I inputted the wrong password but it was the same at always, then magically it accepted the same password a few seconds ago said was wrong. Not feeling super confident about that at all !!!!!!