Keeping Your Steemit Account Password Secure

in #steem, 8 years ago (edited)

Just because your password is long doesn't mean you are safe.

There are many ways to get hold of a password other than brute force. With the recent increase in the price and popularity of Steem, the risk of your account being attacked is increasing daily.




Basic Security


Steemit has multiple private keys for a reason: use them.

To find them, go to your wallet and click on Permissions. Then click on Show Private Key, and you can log in with that key. I typically use the posting key when using my account normally. It can't send transactions, but it can still upvote and make posts. The active key allows you to make transactions, including powering up/down, moving stuff out of savings, and transferring STEEM/SBD. The owner key allows you to do all of those, as well as change the keys. This is the password you were given when you created your account.

Do not store your password online unencrypted. Storing it offline on your computer(s) is safer, although you shouldn't do this on a public computer. If you believe somebody else is using your account, change your password. That will change all the other keys too.




Mid-level Security


Some of you have thousands of dollars or more in your account. You might want some additional security. My advice at this point is to keep your password completely offline. You could either write it down and keep it in a safe place or keep it on a USB drive. Keep it somewhere hidden, so that nobody stumbles onto it by accident. Using your active and posting keys instead of your password is also a must.

At this point some may consider changing their password regularly. The Steemit password is long enough that brute force is unlikely to crack it. Changing it often decreases the chance that brute force can crack it, but there is little other reason to do it. Nobody who gets hold of the password will keep it the same for long; they will try to take control as fast as possible. You should still change your password after any lapse in security; those happen often enough either way.




Paranoid-level Security


Some people have hundreds of thousands of dollars in their account, and sometimes you need to go overboard. At this point you should always encrypt your passwords. I typically save my passwords in a text file and then encrypt them using gpg on Linux. Next I store them offline on multiple USB drives in distant locations, so that if something happened to one area the rest would be safe. (I have also uploaded my encrypted passwords to Google Drive, behind a 30-character encryption password, just to be safe.)
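
The gpg step described above, as an added example (not the author's own script): a POSIX shell function that encrypts a key file with a passphrase, checks that the ciphertext decrypts back to identical bytes, and only then removes the plaintext. The name seal_secret, the 16-character passphrase floor and the requirement for GnuPG 2.1 or later are assumptions of this example.

```shell
# Added example, not the author's script. seal_secret is a hypothetical name.
# Usage: seal_secret FILE   (passphrase is read from stdin; assumes GnuPG 2.1+)
seal_secret() {
    plain=$1
    sealed="$plain.gpg"
    [ -f "$plain" ] || { echo "seal_secret: no such file: $plain" >&2; return 1; }

    # Read the passphrase from stdin, hiding the typing when stdin is a terminal.
    if [ -t 0 ]; then printf 'Passphrase: ' >&2; stty -echo; fi
    IFS= read -r pass || [ -n "$pass" ]
    if [ -t 0 ]; then stty echo; echo >&2; fi

    # Assumed floor of 16 characters: the file may end up on a USB stick or a
    # cloud drive, where an attacker can guess offline with no rate limit.
    if [ "${#pass}" -lt 16 ]; then
        pass=
        echo "seal_secret: passphrase shorter than 16 characters" >&2
        return 1
    fi

    # printf is a shell builtin, so the passphrase never shows up in `ps`.
    printf '%s' "$pass" | gpg --batch --yes --pinentry-mode loopback \
        --passphrase-fd 0 --symmetric --cipher-algo AES256 \
        --output "$sealed" "$plain" || { pass=; return 1; }

    # Round-trip check: decrypt the new file and compare hashes, so a corrupt
    # or truncated backup is caught while the plaintext still exists.
    want=$(sha256sum < "$plain")
    got=$(printf '%s' "$pass" | gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --decrypt "$sealed" 2>/dev/null | sha256sum)
    pass=
    if [ "$want" != "$got" ]; then
        echo "seal_secret: verification failed, plaintext kept" >&2
        rm -f "$sealed"
        return 1
    fi

    # Remove the plaintext. shred is best effort on flash media and SSDs,
    # so create the plaintext on a disk you control, not on the USB drive.
    if command -v shred >/dev/null 2>&1; then
        shred -u "$plain"
    else
        rm -f "$plain"
    fi
    echo "$sealed"
}
```

Copy only the resulting .gpg file to the USB drives or cloud storage, and test a decrypt with `gpg --decrypt` on a second machine before relying on it.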

At this point you should also worry about malware. Windows computers are especially prone to getting it. This means good anti-malware software is a must. If you have a good understanding of computers or are willing to learn, Linux will turn out to be a better option. Linux is more secure, and some distributions can encrypt files without downloading extra programs.




The more secure everyone's password is, the less likely hackers are to go after any of them. That ends up helping everyone.




Want to learn more science and computer science? Subscribe and Upvote!


Thanks for the friendly reminder! It is about time we start taking that seriously :)

Thank you sir for the writeup and tips, I pretty much secure all my stuff at Paranoid level security. This is a good reminder, and super helpful for all the influx of crypto noobs and the fact that never before has a social network account had the ability to store hundreds to thousands of dollars.

Cheers!

Upvoted. Resteemed. Following.

Upvoted the post, resteemed it and already followed

Very smart post. Most people don't realize this stuff... Just upvoted and followed.

@evanrvoss

That's the same combination I have on my luggage!


Hello! Can I translate your post into French? I'm sure a lot of people could be interested!

Yeah, sure, the more people who see it the better.

I just printed my password on a bumper sticker and have it on my rear truck bumper. I take it that is not recommended?

I'm not sure, send me a picture.

LOL. You guys are quick. Love the humor!

I just got my account approval the other day and have yet to get any good content up, but I have to say that this was excellent advice for a newbie. Thanks for sharing such great info! Now I can ensure proper account security.

GOOGLE DRIVE IS NOT SAFE FOR PASSWORDS

I encrypted them beforehand, don't worry.

Yeah