this is me right now
This post is to draw community attention to a black hole in how steemit recognizes people. I no longer have access to my account named @jlwkolb, and I don’t believe it is my fault. The bottom line is that I want my account back. I followed all recommended practices, including generating a very strong password and carefully storing it in a secure password keeper.
I hope that the steemit community can get behind me on this issue and put some pressure on those who run steemit to help find a resolution. I believe I will not be the last individual who will experience a technical issue not of their doing that prevents access to their account.
I have spent a lot of time trying to regain access to my account on my own. In the process, I have befriended individuals with significant technical knowledge of steemit and security in general.
The most helpful among them have told me that they have seen no holes in my approach to security or managing my passwords. In fact, they have praised me for my use of a strong password keeper, keepass, to generate and store passwords.
I joined steemit on July 7th at the suggestion of my friend @stellabelle. I made my password 16 characters as required. It worked fine for just over a week and then a hacker compromised steemit.com. Although my account was not hacked and my password still functioned, the steemit website instructed that I change my passwords. I did this on July 17th and again on July 19th, the second time being a result of worry that I had not made my passwords strong enough previously.
After these changes, I continued to access my @jlwkolb account without issues for two weeks. Anyone can verify this by perusing my posts and voting activity between July 17 and August 2. I was even able to transfer 7,000 steem dollars to @poloniex on July 25.
On July 25, I made a new account called @fairytalelife to re-brand to a name that is a little more memorable than @jlwkolb. At this time, @jlwkolb was working fine. I had been using @jlwkolb in the Safari browser so I decided to use @fairytalelife in Chrome. The motivation was that I wouldn’t need to log in and out of accounts on a single browser because @jlwkolb was still an active account at the time.
I never signed out of Safari except once when a browser crash did it for me around July 30. After the crash, I signed in normally with my posting key password from keepass and everything worked fine.
The trouble started when I tried to transfer steem dollars to poloniex on August 2. Suddenly I was prompted to enter my active password. To my recollection, this step was not required when I transferred the 7,000 steem dollars on July 25. But I thought to myself, “no problem, I’ll go to my keypass account and put it in.”
I tried the posting key password once again. It had worked before, so I thought it should work again.
Now it seems I am locked out of my account.
What? Nooo! Go back! Go back!
My active password doesn’t work. Incorrect Password. My posting password doesn’t work. Incorrect password. The owner password doesn’t work. Incorrect password.
Now I’m nervous. I have about $23K worth of steem power in my account. And now I’m out of luck? I did everything right. I wrote down my passwords both in a secret notebook and stored them in keepass.
I tried account recovery.
Password not used within 30 days.
It hasn’t even been 30 days! I joined July 7th!
I now have to accept that my account is frozen and I am unable to access it with a password lost forever in the blockchain?
After the above mentioned hack, everyone was assured that their accounts would be returned to them. It may have taken a while, but I know all accounts were recovered and reimbursed, including @ned, @dan, @dantheman, @bitcube,@stan, @stellabelle, @norbu, @wingz, @rok-sivante to name a few. The expertise I have consulted told me also that, before steemit, account recovery in crypto was unprecedented. The size of some of the accounts lost in the hack meant that new policies would need to be written.
I think it’s good to have victims with enormous pockets so this kind of helpful precedent does get written from time to time. I get it.
But I also think that less wealthy victims are worthy of the same types of consideration. $23K may not be big money to many who read this article. But as a mother trying to raise four teenagers, it is a lot to lose because of a technical error—a technical error that neither I, nor anyone else I have consulted, can determine is my fault.
I love the work I do here on steemit, the new friends I make, and the vibrant community of talent. I interact daily with the community and contribute content that I feel adds value to the steemit ecosystem. But I can’t let go the rewards I worked so hard for without a fight.
Although the financial aspect of the rewards is terribly important to me, no feeling on earth comes close to being fairly compensated for the work I do. In a way, I fight most of all for these feelings of appreciation and justice.
Of course I will continue contributing to this social experiment that I see profoundly changing lives. But like anyone, I also need access to the funds I have earned because I have bills to pay. I seem to be locked from my account because the high security passwords I created and saved suddenly stopped working. I believe this is a machine error that had something to do with how the steemit website worked when I set my passwords after the website got hacked.
Machines have their place but they are no substitute for people. Sometimes humans need to intervene to help other humans rather than relying on some sterile mechanism of technology. We can’t just shrug our shoulders when someone on our team is locked out of an account through no fault of their own.
There must be a way to unlock my account through human intervention. Nothing is impossible—inconvenient, maybe—but not impossible. I understand that steemit wants wrongful transfer of an account to be difficult and to minimize the workload when users casually forget passwords.
But I have not been careless or foolish. I had everything covered according to best practices. After the hack, I downloaded keepass and changed all my passwords. I wrote them down in my secret notebook. I copied them in secure files on my hard drive.
A glitch in the system must have happened when the user interface was changed, and now it seems I’m out of luck. Incorrect password? I don’t buy that. With all the skills in the steemit arena, someone must be able to authenticate me. @jlwkolb is my account. I can prove with government issued documentation that I am the person in the pictures and have lived the life described in the posts. Aliens have not dropped a bodysnatcher to impersonate me. This work has never been posted anywhere online before.
The posts in the account and the rewards they earned are the result of my hard work—and now I must accept that my efforts are lost forever?
Illustration © Johanna Westerman 2016