Having issues creating separate passwords for owner and active/posting/meta keys, is this still possible?
Hello, within the past couple days, it appears a new version of Steemit was released. Previously, next to each key there was an ability to change the password for that particular key. This is no longer the case. Now, there appears to only be an option to change the passwords for all keys with a single password. This restriction appears to break all security conventions suggested by the Steemit community. Additionally, the requirement to enter the owner key's password to edit the posting/active/meta key passwords contradicts security conventions suggested by Steemit, as well. I was unable to find any information relevant to this particular issue.
Questions
- How am I to keep my active key in cold storage when it is the same as my active/posting keys? Maybe I am mistaken, so please correct me otherwise.
- Maybe there is only one chance to create different passwords for each key?
- Maybe this must be done via CLI on steamd?
Thank you for your time and any input you can provide.
I have the same questions. As I understand it (and I'm not all all sure that I'm right), you can only reset the password for all keys at once. However, that password must now be very long (32 characters, I believe).
Once you've done that, I suppose you'd then make note of all your private key WIFs. You'd keep your master password and your owner key WIF in cold storage and never use them. You'd use your private Posting Key WIF to log in for normal activities and your private Active Key WIF to transfer funds or buy/sell.
The trick to preserving security would be to keep your master password and your private owner key WIF in cold storage and never use them. Since the master password is so long and never used, it should be safe (I suppose) to use that same master password with all the keys rather than having a separate password for each key. I think people were previously recommending separate passwords for each key only because people were logging in with passwords rather than WIFs. If you only login with WIFs it should be fine to have a single super long password for all keys.
If anyone has any more info on this subject, or disagrees with my assessment and explanation, I'd love to hear it.
So the suggested strategy has changed from cold storing Master Password/Owner WIF and saving separate passwords for each key, to simply using the WIFs for each key to login to posting/meta/active. Makes sense. Thank you!
Aside: There are now more than a few different articles with varying suggested practices
I'm having some problems understanding as well.
I created the new password and confirmed with my original Owner Key. But since I did that , the posting key has a "show private key" button, the active key has a "login to show" button next to it, but the owner and memo keys do not have any way to view them as there are no view buttons associated with those.
So I'm not sure how to look at a copy of my private key in order to write it down?
And now to add to the confusion I'm getting a pop-up starting today that says that the password was changed two days ago (which I have to assume that was me that changed it). Since I can't see what my Owner key is, I'm hesitant to go through the password change process again for fear of getting locked out.
Sorry you're having trouble. I just posted a link to this in the Slack channel so hopefully someone more knowledgable than I will respond.