Protecting Your Steem Dream - Passwords, Keys, Encryption

in #security, 6 years ago (edited)


I Heard of Several Accounts Compromised Lately.

When I first got to this blockchain almost three months ago - it was around the time of the wallet memo security warnings. Turns out they were phishing for master passwords and they had some success. A slew of posts went up alerting people to use their posting keys - I read one - and I found my posting key. Thank goodness for that, because - for whatever reason - I hadn't found my different keys before then, and I had always logged on with my master key.

So, if this post helps in any way - let it be a reminder not to log in with the password you received when you first signed up - do some digging in your wallet and find your posting key. Use that as much as you can. The only other key you should be using is the active key. Why? Because with your master key you can always retain control of your account.


Passwords or Keys?

One more note about keys versus a password. Password is the concept I came in with because it's the one I am most familiar with, but I have experience with "keys." At work (I work in a manufacturing plant) everyone is given a set of keys (physical and electronic). Each employee is granted access to the areas where they work, their lockers, and the building in general. The keys are quite specific. Only maintenance has the key to the maintenance shed. Only HR has access to the HR office. Security has a master key - the building manager has a master key. You don't give the master key to the brand new employee. You don't give the master key to a visitor or a contractor. Use your keys wisely.

But - the manufacturing plant has a flaw. If the building manager drops the master key - anyone who picks it up can use it (the physical key - until the locks are changed / the electronic key - until the permissions are removed). And so it is with your keys on the STEEM blockchain, unless you encrypt your keys. If an application or virus can see your keys - it can use them to gain access to your account. In other words - if you use your phone and copy/paste your keys when Steemit asks for them - any application that has access to your clipboard can see them.

If you already knew all of that - how do you save your keys? Me - I use a password manager. I wouldn't presume to understand how it works - I am no expert - "We’ve implemented AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud. You’ll create an account with an email address and a strong master password to locally-generate a unique encryption key." (Source) But if a password manager doesn't sound like something for you - never fear - you have options.

Encryption

Encryption is like a secret code - it prevents a random user from using your keys even when they have your keys - and you can come up with your own secret codes. Like a code to a safe - where you store your passwords - physically. Or you can keep your master key in a deposit box. But still - someone who got your keys could use them. So we can go further. You can add 4 characters to the end (or beginning) of your key (or even in the middle - or spread apart, so that every 5th letter needs to be removed to reveal the true key) so that someone with your key wouldn't be able to use it. Or you could capitalize the 3rd lowercase letter (and only you know which one you capitalized). You can add your sister's initials into the middle of the key. You can do any number of things to your key itself that only you know how to undo. Just remember - you might need to use your key someday too - so don't forget how to access your keys. That's what encryption is about - even if someone knew your key - they wouldn't be able to use it AND you can use it anytime you want.

I trust that my password manager is properly encrypting my information, and find it very useful to improve the difficulty of my keys on every site (and I am on a lot of sites). I have been hacked in the past, and I sacrifice a bit of control for the peace of mind that my information is difficult to brute force. I completely understand if you don't want to give up the control - and would rather take your encryption in your own hands. As long as you know what you are doing - you are perfectly capable of doing so.
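
The password manager quote above names a scheme: a master password is stretched with PBKDF2 SHA-256 and a salt into a local encryption key, and that key encrypts what you store with AES-256. The sketch below is an added illustration of that idea using Node's built-in crypto module; it is not the author's code or any password manager's actual implementation, and the GCM mode, iteration count, function names and sample key are assumptions.

```javascript
// Added example: passphrase-based encryption of a stored key (Node built-ins only).
const nodeCrypto = require('crypto');

const ITERATIONS = 600000; // assumed work factor; more iterations slow down brute force

// Derive a 256-bit AES key from the passphrase with PBKDF2-HMAC-SHA256 and a salt.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, ITERATIONS, 32, 'sha256');
}

// Encrypt a secret (e.g. a posting key). The returned record can be written to disk.
function encryptSecret(secret, passphrase) {
  const salt = nodeCrypto.randomBytes(16); // fresh salt per record
  const iv = nodeCrypto.randomBytes(12);   // fresh nonce per encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const data = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'), // detects a wrong passphrase or tampering
    data: data.toString('hex'),
  };
}

// Decrypt a record. Returns null if the passphrase is wrong or the record was altered.
function decryptSecret(record, passphrase) {
  const key = deriveKey(passphrase, Buffer.from(record.salt, 'hex'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  try {
    return Buffer.concat([
      decipher.update(Buffer.from(record.data, 'hex')),
      decipher.final(), // throws when the authentication tag does not verify
    ]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample value, not a real Steem key.
const SAMPLE_KEY = 'EXAMPLE-POSTING-KEY-not-a-real-key';
const record = encryptSecret(SAMPLE_KEY, 'correct horse battery staple');
console.log(decryptSecret(record, 'correct horse battery staple') === SAMPLE_KEY);
console.log(decryptSecret(record, 'wrong passphrase'));
```

Someone who copies the stored record gets nothing usable without the passphrase, while you can recover the key any time you type it in.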

Be Careful

Be careful using your keys and be careful storing them. They are your keys to the STEEM blockchain and everything therein.

Happy steeming!

Image Credit

I get a lot of help from these discord communities: The Writer's Block and VOTU. If you are looking for a good place to spend your time with fellow Steemians that will help you grow - join either one (or join both).

#votu #vo.tu






Thank you for sharing these very informative and helpful security tips @steemitgraven29 ! Resteemed.

You are welcome and thank you. I really was using my master password for my first week here. I didn't know better. I hope I can help at least one person not to make that mistake.

Excellent post, and it helps me understand keys better. Your tip about your sister's initials is brilliant! Thanks for sharing these tips and creating such an informative post! 😊

You are welcome and Thank you. I just hope everyone can keep their accounts safe so they can keep steeming!

This is great advice! I'm definitely employing some of these suggestions.

Thanks. My hope is that no one else does what I was doing my first week.

The relation of the steem blockchain key is awesome. It grants full understanding.......

It's good to share this stuff; lots of newbies don't know. They guess the master key is all, and keep logging in here and there.

Yes. That is what I was doing. It wasn't til I saw some posts explaining the keys that I realized the mistake I was making. I am hoping I can help someone else - the way I was helped.

This will be really helpful and reminder for us as well. We should be very careful about our password and keys.

It is important that we are all careful. Hopefully no one else will lose an account.

Hey hon, look at this @amsterdamlife. Thanks for sharing @steemitgraven29

Nice, thank you for sharing, very useful. I will wait for the next share.
Support me @fremy please vote and resteem. Thanks a lot

The @OriginalWorks bot has determined this post by @steemitgraven29 to be original material and upvoted it!


To call @OriginalWorks, simply reply to any post with @originalworks or !originalworks in your message!

You've been very helpful. Thanks for the tip.

@steemitgraven29 this post was presented at the most recent Pimp Your Post Thursday on the Steemit Ramble Discord. I have written a post to share your featured post. Just stopping back to let you know that you can see your name in lights right here. (Just kidding about the lights :)