
RE: Memos, keys and passwords, Balrogs and Fields of Despair. Be safe. Almost $100k wasn't.

in #steem 7 years ago

Ad. 1. Saving a password in your browser is as safe as the weakest link in the chain: browser - operating system - computer. An up-to-date Chrome browser is a safe choice. Make sure you don't use any shady extensions. Also, make sure that this is not the only place where your password is stored (what if you lose access to it?).
Also:
Using appropriate keys > Using Master Password

Ad. 2. That P5.... thing is the Master Password. Under the hood it does nothing except being a source for your keys that are derived from it and used when appropriate. So you can use the Master Password for posting and the same Master Password for transferring funds. That's for convenience. For better security it's better to use posting / active when needed.
There's currently no way to display the owner key in the browser, but you don't really need it when you have the Master Password, which can serve the same role (also for account recovery).
If you really want to you can use cli_wallet for that:
get_private_key_from_password angusg owner P5HerePutYourMasterPassword

Ad. 3. When any service asks you for your password / key you should be very careful, and the general rule is to refuse if you are not absolutely sure that it's ok.
Streemian is a well-known service made by a reputable steemian - @xeroc.
If you trust that site and its owner then you might want to take that risk.
I did with my gandalf account. :-)
Streemian is using your Private Active Key to sign a transaction that adds the appropriate posting authority to your account, so later on Streemian can do voting on your behalf (without knowing your Private Active Key or even your Private Posting Key). That's the proper way of doing things. Currently, however, there's an even better way to do that without worrying about entering your key on an unknown site. It's called SteemConnect v2.
If you have any doubts - change your keys to be sure.

Ad. 4. Yes. Changing the password changes your Master Password; new keys are derived from the new one and replace the old ones. Changing the initial password is not required.
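
The derivation described in Ad. 2 and Ad. 4, as an added example that is not part of the original comment or of Steem's own code. It assumes the scheme used by Steem's client tools, where each role key is the SHA-256 of account name + role + Master Password, encoded as WIF; the account name and passwords are constructed sample values.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLES = ("owner", "active", "posting", "memo")

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # Each leading zero byte is encoded as a '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def derive_wif(account: str, role: str, master_password: str) -> str:
    """Private key for one role (assumed scheme: sha256(account + role + password))."""
    secret = hashlib.sha256((account + role + master_password).encode()).digest()
    payload = b"\x80" + secret          # 0x80 = WIF version byte
    return b58encode(payload + _checksum(payload))

def wif_checksum_ok(wif: str) -> bool:
    """Detect a mistyped or truncated key before it is used anywhere."""
    raw = b58decode(wif)
    return len(raw) == 37 and _checksum(raw[:-4]) == raw[-4:]

def derive_all(account: str, master_password: str) -> dict:
    # The Master Password is the single source of every role key, which is
    # why exposing it is worse than exposing one posting or active key.
    return {role: derive_wif(account, role, master_password) for role in ROLES}

if __name__ == "__main__":
    # Constructed sample values, not a real account or password.
    old = derive_all("exampleuser", "P5ConstructedSampleOnly")
    new = derive_all("exampleuser", "P5AnotherConstructedSample")
    for role in ROLES:
        print(role, "valid:", wif_checksum_ok(old[role]),
              "replaced after password change:", old[role] != new[role])
```

Every role key changes when the Master Password changes, and a key handed to a service only exposes that one role, not the password it came from.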


Thank you Gandalph! That really puts my mind to rest; also, thx for the cli_wallet tip. I signed up for SteemConnect V2 yesterday after reading your article and I'm just figuring that out. I'm also going to check my Google extensions and disable any I'm unsure about. I don't have many. I've backed up my keys and password and I think I'm going to take the risk on Streemian because I already connected for my Discord verification.

I can see that the possibilities for services and apps that extend Steemit are almost limitless, so security is always going to be one of the biggest nightmares.

Thank you for caring about our security and wellbeing and for taking the time to spell it out so clearly!

Just curious (not sure if I understand correctly)

"I'm going to take the risk on Streemian because I already connected for my Discord verification."

How are those two things related?

I thought I remembered having to connect Streemian in order to register for the PALnet/MinnowsSupportProject on Discord, but it was actually just through my main Steemit wallet. Was hunting just now for the first post I followed that had the instructions and it was this one.
https://steemit.com/minnowsupportproject/@discordiant/registration-tutorial-msp-palnet

So I couldn't remember what it was I'd been asked to do in Streemian, then I remembered it was this post, which was to do with joining TeamAustralia instead. I was following the instructions about halfway down.
https://steemit.com/teamaustralia/@scooter77/supporting-centerlink-and-teamaustralia-all-sbd-from-this-post-donated-to-centerlink-program-how-can-you-ensure-your-upvoting

On Discord one of the instructions in the pinned messages on the teamaustralia page registration was to follow the banjo bot and minnowssupport bots and send them $0.01 each to authenticate, then to go to steemvoter and set up a rule to follow minnowsupport, then to go to Streemian, authenticate the Streemian account also with $0.01 then follow the @centerlink curation trail, then to let an admin know.

Can't remember the exact order I did it in. I just remember that the first time I logged onto Streemian they had two authentication apps and the first one crashed and went to an unlocked (not https) page and the second one was a .js app and worked okay. I'm on Windows 7 so it may be different for a Mac user.

OK, thank you for the clarification.