Not Your Keys, Not Your Steem
One of the fundamental ideas behind the creation of Bitcoin and the revolution of cryptocurrency technology is private key encryption.
Private keys are the “passwords” that unlock your wallet. Many crypto veterans have a lot of experience with private keys as they have experimented, played around with and even lost money with various private key management strategies.
I was explaining private keys to a friend recently as he just started to dip his toes into Bitcoin. He ended up buying 1 BTC on an exchange and then I had to have the talk with him.
The talk consisted of me telling him that so long as that Bitcoin is held on an exchange, it is never truly safe.
I even showed him the now infamous video of Andreas Antonopolous showcasing the ideas of “Not your keys, not your Bitcoin. Your keys, your Bitcoin.”
This is so important for everyone who holds crypto to understand. It is also one of the most significant barriers to entry, as the majority of people in the world are accustomed to having a custodian who takes care of their money.
In crypto, we don’t trust custodians. We don’t trust banks. We don’t trust centralization and we certainly don’t trust exchanges with our money.
Use an exchange to transfer money and exchange it for other cryptocurrencies… but when you’re done, your money should land in some sort of wallet where you own the private keys.
I proceeded to help my friend get a hardware wallet and give him some reading material. He understands private keys and how to secure his hardware wallet and his backup passphrase. A backup passphrase is 12-24 English words that derive your private keys.
If you lose your hardware wallet or update your wallet without this backup passphrase, your money is likely gone forever.
Bridging the Concept to Steem
The conversation didn’t end there. My friend was also getting into STEEM (and LEO). The private key situation on Steem is slightly different, but the fundamental principle — not your keys, not your Steem — still applies.
On Steem, you have a master password. This master password is similar to that 12-24 word backup passphrase used for hard wallets. It is used to derive your other private keys such as your active key, your posting key, your memo key, etc.
Many Steemians still login to Steem using their master password. This is a huge no-no. Steemit, Inc. recently updated Steemit.com so that you can’t login with your master password. This is a step in the right direction, but education is ultimately the solution to this problem.
So I told my friend to follow these steps:
- Create your Steem account
- Write down the username for the account and the master password on a piece of paper (I suggested 2 pieces of paper — 1 for himself and 1 for a trusted family member to store in case something happens to him)
- Delete the master password from your computer
- Input the posting, active and memo key into Steem Keychain (a chrome/brave/firefox extension that allows you to securely login to various Steem apps)
- Login to Steemleo.com, signing the transaction with Keychain
Boom! He’s all set and secure. His master password is securely stored in 2 locations and now he can do everything he needs to do on Steem with his posting, active and memo keys.
This hierarchical private key structure is extremely underrated on the Steem blockchain. With Bitcoin, for example, you only get 1 private key for your wallet. So if you want to send a transaction, you need to find a way to securely enter that private key (or have a hardware wallet).
On Steem, you only need to make contact with your “master private key (master password)” 1 time when you create the wallet. So long as nothing bad happens, you’ll likely never need to touch that master password again.
You can login to most sites and post with your private posting key.
You can send transactions/power down with your active key.
You can encrypt and decrypt memos with your memo key.
If any of these keys get stolen, you can reset them with your master password. If someone steals your active key, then they can steal any liquid STEEM or Steem-based tokens from your wallet. However, if you are smart and keep your STEEM or Steem-based tokens powered up (vested), then the thief has to start a power down and wait for them to be unvested before withdrawing.
This gives you plenty of time to change your private keys and stop the power down. Locking the thief out of your Steem account and re-securing your money.
With enough education, we can show people that Steem has a robust way of hodling crypto. It’s secure and highly functional as you can login to any Steem-based app and trade any Steem-based tokens. One account to rule them all.
Oh heaps of education, I've literally had people try to give me their keys because they didn't want to figure out how to do something and I've had to teach them the importance of owning your own money.
The concept of owning your own money seems lost on us because we never had this responsibility before.
I do think it's still a bit of a hassle to manage, but a small price to pay for real ownership I suppose
@khaleelkazi, You've educated your friend responsibly and this Knowledge Transfer is very important because initially people can take the wrong turn if they don't receive inputs from the veterans of that space. Stay blessed.
Posted using Partiko Android
Sound advice and very simply put!
The more popular Bitcoin gets the more exchanges will get hacked. The more exchanges get hacked the more people will want to secure their own keys. When people realize they can secure their keys on Steem 1000 times better than Bitcoin this is a big deal.
I've even written about how we could turn Raspberry Pis into an airgapped hardware wallet using data phone cameras to bridge the airgap. This is even more secure than a hardware wallet, and cheaper and open source.
To listen to the audio version of this article click on the play image.
Brought to you by @tts. If you find it useful please consider upvoting this reply.
👍
~Smartsteem Curation Team
Hi, @khaleelkazi!
You just got a 14.57% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.
Nice a brother
You have been curated by @hafizullah on behalf of Inner Blocks: a community encouraging first hand content, with each individual living their best life, and being responsible for their own well being. #innerblocks Check it out at @innerblocks for the latest information and community updates, or to show your support via delegation.