Steemit Newbies: Make sure to save your private keys!!!
Backup your private keys!!!
If you are new to Steemit and/or the idea of blockchains, crypto currencies, etc..., you may not know that in addition to your Steemit.com password that you set when you made your account, you also have a set of private keys that you can use to recover the funds from your Steem wallet in the unfortunate event that Steemit.com is down, or if the website developers decide for any number of reasons to block your account. As stated in the terms of service, you are responsible for storing your private keys in order to maintain control of your wallet and funds. What does this mean for typical users? Just take 5 minutes to follow the steps below to ensure that you have a backup of your keys at least somewhere.
1. While logged in, click on the little profile person button in the upper-right corner.
2. Go to the permissions page.
3. Click 'show' next to each of the four listed keys
4. Save the private keys
Once you click 'show' to reveal your private keys, an option to print the page will appear. If you have a 'dumb' printer, this is a reasonable option to keep a paper backup of your keys. Otherwise, if you have only small amounts in your wallet, printing to a pdf file is a reasonable decision, although a better decision would be to print to a truecrypt volume for example.
*Note: I've covered up both my private and public keys, mostly because I was paranoid I would accidentally show the wrong ones, but everyone's public keys are available at the links steemit.com/@username/permissions.
Another good security precaution is to only login to this website with your Posting Key.
When logging in with your Posting Key any wallet transactions should take additional authentication using your Owner Key. If the pc, website, or connection is compromised the attacker would only be able to send messages and not steal your whole account.
Good point. I hadn't thought about that.
If you have the password, you have your private keys. If you have your account name, you have your public key. Recovery on other interfaces is as simple as that. This guidance is extra, perhaps unnecessary steps.
I was going to write a similar post. I do think backing up the key is important and people should be reminded of that. People forget passwords all the time.... I barely remembered mine because I use the auto-login feature and never use the password. I assume there is no password recovery system yet? If not maybe warning users to make sure they remember or write down their password would be a good warning post? Thx.
In one way or another .. the info should be backed up by the user. Steemit can't take on the liability and do password recovery, unfortunately. More warnings/reminders would be good.
In the future, perhaps multi sig with a trusted password recovery partner?
Hi @ned, does that mean that the private keys are actually generated through a hash of the steemit.com password? It was my impression that the private keys were stored encrypted in a steemit.com database, but I see now that is incorrect. Is the approach used effectively the same as that with brain wallets, for example? Thanks.
Yes, brought together by hash. Private keys / passwords are strictly on the blockchain. I believe that is analogous to typical brain wallets.
Agreed, but having your keys and password stored offline is always a good idea!
What do I do if there is no 'show private key' button next to the "OWNER"?