Navigating Steemit and the Cryptosphere: Are Your Keys Safe? Really?
For many people, the Steemit experience is their first venture into the world of blockchains... and — for that matter — into the world of social content creation.
I have repeatedly been amazed at how many people here have never had a social media account of any kind, before starting here! Or they might have had a Facebook account that they hardly ever used, and they definitely haven't blogged before.
Most of us, however, are not new to the Internet and the online environment, as a result of which we are also not new to such things as passwords and online security. We use online banking, and perhaps use services like PayPal or Venmo.
The unfortunate result, alas, is there are certain things we perhaps either take for granted, or are a little bit too quick to "assume we know."
Your Crypto Keys
When you join Steemit, you are given a set of "keys" which are very long alphanumeric strings that essentially serve as your passwords. That part is easy enough to understand, but the very important point that most people miss is that these are not like normal passwords!
Most specifically, what's radically different here is that there is no "forgot your password?" option for when you mess up. Besides, who can actually remember such a long alphanumeric string? What's also different, is that you can't just take the "long string of numbers and letters" and reset your password to something more memorable like "PurpleElephants1103." If you do reset your password here, you'll just auto generate a new very long string of letters and numbers.
Back That Stuff Up! No, REALLY!
When you create your account here, you are also asked to "save" your keys in a safe place.
That is serious business! Your keys (aka: Passwords) not only are what allows you to access your content and post here, they are also what allow you to access your wallet and do things with your earned rewards.
If you don't have your keys, you can pretty much kiss your stuff — including your money — goodbye!
I have my keys backed up in multiple locations. Perhaps that's overkill, but perhaps it's not.
One backup exists as a locked PDF document on a thumb drive I always keep in my laptop case.
One backup is a printed copy of that PDF, folded and stuffed into my (physical) address book.
One backup is in a free-standing password minder I keep.
One backup exists in a secured double-passworded 2FA "vault" in the cloud.
NONE of these actually say what these long alphanumeric strings are the keys TO, although I'm sure a determined person could figure it out... but they'd have no username to match the keys to.
Keep it CURRENT: A Cautionary Tale...
One of the things I learned the hard way happened last December when the primary drive in my desktop computer failed and became essentially unreadable.
Much to my horror, I realized that I had actually created a couple of new accounts with crypto keys since the last time I had bothered to go through the process of keeping all my backups up to date! What's more, this also happened at pretty much the exact time Steemit started also distributing TRON rewards. So, I didn't have a backup of my TRON keys!
Firsthand, I got to experience the vague horror and distress that goes with know that something "is just gone." It wasn't a super big deal... but about US $300 is US $300, no matter how you turn it. And we're pretty poor, by local standards.
In this particular instant I got very lucky because I remembered I had a saved "restore point" residing on a secondary hard disk... and I was able to retrieve the data files — including a copy of the PDF document with the latest versions of my keys — from there.
That little experience only served to reinforce the need for various backup methods.
So, whatever you do, always make sure that you are really backed up, and that those backups are kept current at all times!
Thanks for stopping by, and have a great weekend!
How about YOU? Have you backed up your keys? Are you certain you have backup copies away from the computer and the web? When was the last time you made sure they were CURRENT? Do leave a comment — share your experiences — be part of the conversation!
(All text and images by the author, unless otherwise credited. This is ORIGINAL CONTENT, created expressly for this platform — NOT A CROSSPOST!!!)
Created at 20211126 21:49 PST
x312
These are really very important things, our passwords and security are what we should pay special attention to. Because on the other hand, there are those people who get their goals by dirty work (hacking) and thus destroy our goals and many years of work.
Thank you friend @denmarkguy for pointing out the importance of protecting our accounts on this platform.
You definitely can't be too casual about it, these days! It just feels like more and more individuals are trying to gain from engaging in "shady" dealings... at the expense of others.
I'd sure hate it if my life savings (and they are not even that much!) were to vanish because of some hacker!
Hi there! Thanks for sharing your post. Back in March of this year, my account was compromised. We should be particularly concerned about our passwords and security. Phishing happened to me. I wasn't paying attention and clicked on the site. It was too late for me to notice that the link I was visiting was a phishing site. Linking accounts and wallets to specific devices and securing them makes perfect sense.
I'm sorry to hear that!
Sadly, I have seen quite a few Steemit accounts get appropriated over the years; often because someone copy/pasted their keys in the wrong place when making a transfer. Unfortunately, there are people who are constantly scanning blockchain transactions to see if someone made a mistake somewhere... and they will empty your account in a matter of minutes.
That's exactly how it is. I'm a data security freak anyway, so certain mechanisms are simply worked through reflexively.
By the way, I agree with you: the cryptic keys can certainly be read out if the appropriate technology is used - in this respect, I think it would make sense to link the accounts and wallets to certain devices and their Mac addresses...
Genau so ist es richtig. Ich bin ohnehin ein Datensicherheits-Freak und so werden bestimmte Mechanismen einfach reflexartig abgearbeitet.
Im Übrigen stimme ich Dir zu: die kryptischen Keys sind sicher bei Einsatz entsprechender Technik auslesbar - insofern fände ich Kopplung der Accounts und Wallets an bestimmte Geräte und deren Mac-Adressen durchaus sinnvoll...
I'm paying a lot more attention to security than I used to, mostly because of the increased number of warnings I seem to be getting. I like to think that those warnings are also part of a better effort by the organizations I deal with to keep their transactions monitored.
Que bellezas de flores y fotografía.
Bendiciones 🙏🏻🇻🇪❤️
Thank you!
Thats a great post my friend
Thank you!
Great information! Great pictures!
Thank you.