RE: I'm Back!!! How my Account Got Stolen, How to Avoid Having This Happen To You, & How To Fix It!

in #stolenaccount, 6 years ago (edited)

Are you sure you have to change your password every 30 days to recover it? I thought you simply had 30 days to recover your account. Meaning, the new password doesn't become permanent for 30 days.

How does the stolen account recovery process work?
If your password has been changed without your consent, then the account designated as your recovery account can generate a new owner key for the account. The account recovery must be completed within 30 days of the password being changed, and you must supply a recent owner key that was valid within the last 30 days.

Steemit Inc. owns the default recovery account (@steem) for all users who sign up using Steemit.com. Steemit can identify users by their original email, Facebook, or Reddit logins that were used to sign up via Steemit.com.

If you don't have the master password or owner key that was valid the past 30 days, or are unable to prove that you are the original owner of the account, then your account will be unrecoverable.

You do only have 30 days to recover your account, but yeah I'm pretty certain you need to change your password too... it won't count as "recent" if it's past 30 days old, via the links I put in my post. And if it doesn't count as recent, how I understand it, is that the blockchain won't have anything to associate with your authority and ownership with the account. I'm not an expert, but that's how I understand it. :)

I'm also curious about the 30 days so I actually dug into the steem code and found this:

Being able to satisfy an owner authority that was used in the past 30 days is sufficient to prove past ownership.

It sounds like you need to just log in every 30 days, not necessarily change the password, but it's still a little ambiguous. This is the best authority I could find, so if anyone more knowledgeable sees this, please comment and help us all to understand!

I by no means am a SteemIt expert, I'm still a minnow, so if I did have it wrong by all means someone correct me. This is how I understand it, because of a steemit post by @someguy123 that reads:

"The important thing is the recent password.
The STEEM blockchain knows the history of your account, and every owner key that has ever been used for it. When you enter your recent password, it uses that to generate an owner key that can match up to a previous owner public key on the account. Without that password, the trustee cannot do a thing...Small note: The "old owner key" has to be recent, which as far as I'm aware means active within the past 30 days (someone please correct me if I'm wrong)"
Read his full post here

Again, this is just how I understand it. After this I am going to change my password recently to prevent this, just to be safe.

Oh, I guess it does say "active" within the last 30 days... so looking into the logistics of what that means might be helpful.

I think it's insane that there are just bots trolling every post just on the off chance that someone accidentally posts a key. Seriously how big of a douche do you have to be to put time into programming that?

I KNOW! It's absolutely crazy!! Clever, but fucked up!

Where there is financial gain, people will look for opportunity to take advantage of a quick mistake, it seems. It must happen often enough for it to be worthwhile to have a process to harvest it. Maybe a future feature of Steemit is to do a syntax check like the bot is doing and warn the poster to confirm before making the post to mitigate the oops scenario?

@jeftek, that is a really fantastic idea! Have you ever logged in through minnowsupport steem -- mspsteem.com? It's a platform that looks and functions exactly like this steemit does, saves all your info, and is run by the minnow support project. I think they actually do have a feature similar to what you are talking about.. because I will tell you a secret.. when I logged in through there and made a post a few weeks ago I accidentally did copy & paste my password, and it wouldn't let me make the post. A notice popped up that said "you are attempting to publish your master password and we don't allow that".
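
The pre-publish check discussed in the two comments above, as an added example that is not part of the thread and is not Steemit's or mspsteem.com's code. It assumes private keys are in WIF form (base58, version byte 0x80, 4-byte double-SHA-256 checksum); the function names and the sample key are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    # WIF checksum: first 4 bytes of SHA-256 applied twice.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw):
    # Enough for payloads with a non-zero first byte, as WIF has (0x80).
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def is_wif(token):
    # token: 51 base58 characters starting with '5' (always fits in 37 bytes).
    n = 0
    for ch in token:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(37, "big")  # 1 version byte + 32 key bytes + 4 checksum
    return raw[0] == 0x80 and _checksum(raw[:33]) == raw[33:]

def find_private_keys(text):
    """Return the offsets of every checksum-valid WIF key in text."""
    offsets = []
    for run in re.finditer("[" + B58 + "]{51,}", text):
        s = run.group()
        # Slide over the run so a key with extra characters stuck to it
        # (for example a leading 'P') is still found.
        for i in range(len(s) - 50):
            if s[i] == "5" and is_wif(s[i:i + 51]):
                offsets.append(run.start() + i)
    return offsets

def can_publish(text):
    # Block the post if any valid key is present; offsets, not keys, are kept.
    return not find_private_keys(text)

def make_sample_wif():
    # Constructed throwaway key (bytes 1..32), not a real account key.
    payload = b"\x80" + bytes(range(1, 33))
    return b58encode(payload + _checksum(payload))
```

Validating the checksum rather than matching on shape alone keeps ordinary long base58 strings from triggering the warning.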

Check out my comment at the top of this post, I explained some things in detail.