I got locked out of my SteemIt exactly 4 days, 3 hours, and 36 seconds ago.
Ok, I'm kind of exaggerating. I didn't count it that closely, but it has been 4 very long days without SteemIt.
Why? How did I get locked out of my account?
Like a genius, I published my password in a post... wasn't very careful with my password. So, my account got stolen.
First off, I would like to give a shoutout to @aggroed and @drakos for giving me information on how to get my account back and for talking me through the ways to do it. Also a HUGE thank you to @someguy123 for recovering my account for me with anonsteem!
This is going to be a bit of a long post, but I think it's important to share this information.
So, I will explain to you how exactly I lost my account, what I did to get it back, along with some tips to prevent this in the first place. This is some serious genius territory, right here.
How I managed to lock myself out of my account in the first place
In a short answer, I copy & pasted like a pro and didn't read my post over before I published it. I was intending to copy & paste a link, I pushed CTRL + V, published my post, and that was that.
And just so that you can fully comprehend the sheer brilliance of what I did, here is a picture to prove it:
Don't worry, that's not my password anymore. 😉 My password is a secret now. That is all I had to do, and I was immediately locked out. That's how easy it is to screw up all you have been working for on SteemIt.
As soon as I published that post I was instantly signed out of SteemIt. No, I didn't even have time to delete the post or change my password. It wasn't even 10 seconds and I couldn't get back in.
And it felt like the world was ending, it was terrifying. I thought I had lost my SteemIt account forever, and that my last 3 weeks spent on SteemIt meant nothing. I thought I was going to need to start over.
In my panic, once I realized what I had done, I went back and tried to edit the post and the little "edit" button wasn't at the bottom of my post. Huh, that's weird, I thought. It was because I was already signed out.
The reason for this is SteemIt bots. There are good bots on SteemIt, and there are bad bots. And some of these bots are programmed to scan for passwords. If it is a good bot that does this, chances are you will be able to recover your account and won't lose your money. If it is a bad bot that gets to it first, you will be locked out and the chance is there that you will lose everything in your account.
I am fairly certain it was a bad bot that got to my account, but I got lucky. I got lucky for a few reasons:
#1: I didn't have a large sum of money in my SteemIt account. I only had a few cents in there, lucky for me.
#2: I had recently changed my password.
Which brings us to...
Change your password at least every 30 days!!
SteemIt cannot recover a password if you lose it. And there is absolutely zero chance of your account being recovered if you don't have your most recent password.
A "most recent password" is a password that has been updated within the last 30 days. This is what will allow you to recover your account, should you ever need to.
What happened when the bot stole my account was that it generated a new master owner key, thus locking me out and taking ownership over my account. Right after I got locked out, I checked my steemd and noticed something curious.
Right when I published my post, it showed I updated my account data. I was like... ummm, no I didn't...
No. I didn't.
The bot did. That, right there, is the evidence that a bot changed my password and took authority over my account. I didn't do anything to my account settings that day.
But, if you have a most recent password, you will be able to recover your account and lock the bot out.
This works because in the account recovery process, if you have a recent password (and verification of your identity through email, or something else, more on that later), SteemIt will generate a master owner key to match your original password, from when you had authority of the account. This is because your password is stored in the blockchain for 30 days, with your account authority information. When it recognizes you have authority again, it will invalidate the bot's authority and lock it out.
Edited To Add: According to @someguy123, it is after 30 days since changing your password that the recovery window for your account is blocked. This is a built-in safety feature to protect accounts from hackers. So the biggest thing is making sure you keep your password somewhere safe so that you don't lose it, and making sure you have several copies of it is smart. How I understand it is you don't necessarily need to change your password every 30 days, but if you do it should keep your recovery window for your account open, in case you do need to recover it. So take that as you will, but I will DEFINITELY be changing my password frequently, just to be safe so that my account recovery window will stay open.
Again, this is why you need a recent password to recover your account!
Don't keep a large sum of money in your SteemIt account!
If I had just had a large sum of STEEM Dollars in my account, chances are, it would be gone by now. Luckily for me, I only had 92 cents because I am just starting to build my account and my following. So that must not have been enough money for the bot to bother with taking 😏.
So I would strongly recommend that you don't keep a lot of STEEM Dollars in your account at once. Once you get a pretty good amount I would either transfer it to STEEM Power, or cash it out. This way if your account ever does get stolen, you don't lose everything. I know I will be doing this.
Log in with your private posting key, not your master password!
I also learned through this mistake, something very important. Something I am glad I learned before I was too far into my SteemIt career.
If you are just logging into SteemIt to post and browse through posts, you only need to log in with your private posting key. You only need to log in with your master password when you are transferring money or updating your account settings. But if you log in with your private posting key, if you accidentally make the copy & paste mistake, it won't be quite as big of a deal. You should have time to edit your post and take it out, and it makes it harder for your whole entire account to get hacked.
To log in with your private posting key, go to your wallet > permissions and click on show private key to the right of POSTING. Copy & Paste that into your password box when logging in. It is infinitely more secure.
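A pre-publish check for the copy & paste mistake described above, as an added example that is not part of the original post or of SteemIt's own code. It assumes keys are WIF strings (Base58Check, version byte 0x80, 51 characters starting with "5") and that a generated master password is "P" followed by such a string; all function names are hypothetical.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumed formats: 51-char WIF starting with "5", optionally prefixed by "P" (master password).
CANDIDATE = re.compile(r"(?<![%s])(P?)(5[%s]{50})(?![%s])" % (B58, B58, B58))


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58decode(text: str) -> bytes:
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)
    raw = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + raw


def b58encode(raw: bytes) -> str:
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def is_wif(text: str) -> bool:
    # Version byte + 32-byte key + 4-byte checksum; the checksum filters out random look-alikes.
    raw = b58decode(text)
    return len(raw) == 37 and raw[0] == 0x80 and _checksum(raw[:33]) == raw[33:]


def find_key_material(draft: str):
    """Return (kind, offset) for every checksum-valid key in the draft, never the key itself."""
    hits = []
    for m in CANDIDATE.finditer(draft):
        if is_wif(m.group(2)):
            kind = "master password" if m.group(1) else "private key"
            hits.append((kind, m.start()))
    return hits


def constructed_wif(seed: bytes) -> str:
    """Build a throwaway WIF from 32 constructed bytes, for testing the check only."""
    payload = b"\x80" + seed
    return b58encode(payload + _checksum(payload))
```

Run `find_key_material` on the draft text before publishing and refuse to post if it returns anything; a password you chose yourself does not have this format and will not be caught.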
Ok, so, what to actually do if you do need to recover your account
First, stop panicking. Wipe your nose off and prepare to recover your account just as brilliantly as you lost it.
Also, prepare to be patient. This might not get you back into your account immediately.
There are a couple ways to go about this. Either way, you will need your most recent password and the email associated with your account.
First, figure out if your account was made with the classic SteemIt system, or if it was made using anonsteem.
One way to see how you were signed up is to check your steemd. You can do this by going to www.steemd.com/@yourusername. This is also a great website to check your voting power and bandwidth.
On the left side of your screen you will see a chart with lots of information about your account. This is all public and stored within the blockchain. Look to where it says "Recovery Account". If you were signed up using anonsteem, yours will look like this:
If you were signed up regularly, yours will say Recovery Account: steem.
If you were signed up using steem, you have to initiate SteemIt recovery within 30 days of losing your account. To do this you will need to click the three-line menu at the top right of your screen, and click "Stolen Account Recovery". You will then need to enter your most recent password and the email address associated with your account.
You also can do it this way if you were signed up with anonsteem, but there is a more effective way to do it, IF YOU WERE SIGNED UP USING ANONSTEEM. *
I didn't know about this option at first, so I initiated SteemIt recovery as soon as I got locked out. I still haven't heard anything back. Apparently SteemIt recovery is very blocked up, so it may take a while for you to get your account back this way. But if you do do it this way, you should eventually get an email back with a way for you to change your password.
However if your account was made with anonsteem, @someguy123 can recover it for you if you send him an email or a discord message or a steem.chat message. If you were signed up using anonsteem he is essentially the creator of your account, so he has the power to recover it. He will, again, need your most recent password and the email associated with your account, along with a way to verify your identity, so that he knows you really are the original owner of your account. Thanks to @aggroed for giving me the idea to contact @someguy123.
* EDITED TO ADD: You actually can't initiate account recovery through SteemIt if you were signed up using anonsteem... if you want to recover your anonsteem account, you have to recover it through anonsteem, which @someguy123 can do.
Getting My Account Back
@someguy123 got back to me earlier today asking for my most recent password, email, and verification of my identity.
Obviously email and discord aren't the most secure, so if a hacker can hack a steemit account, they could also hack them! So the only way for @someguy123 to verify my identity was to ask me for something no one else has access to.
My chicken. He wanted proof with my chicken. 🤣
One of my first blogs on steemit was about my pocket chicken. So he asked me to prove I still have my chicken by sending him pictures of my pocket chicken, next to a piece of paper that said "anonsteemzoey".
Well, I thought. At least he's being humorous about it 😂😂😂!
So, I sent him these pictures:
And, voila! He recovered my account.
I'm So Happy To Be Back!!!!
I'm so excited to be back on steemit, to learn and chat and grow with you all! I will definitely be more careful with my password in the future 😬
I hope some of you find this information useful! If you do, please upvote this post!
Also, thanks to @erinn for going around commenting on my posts to let people know about my stolen account! I have it back now!
Until Next Time,