You are viewing a single comment's thread from:

RE: Dummies Guide to Basic Steemit Account Security + Account Recovery Guide! Must Read For Steemit Users!

in #steemit8 years ago

Great info, but still confused about the 30 day rule. Let's say your account is 40 days old. Can you still do the account recovery?...If so, would you still need the original pw...or just the pw from 10 days of age?

Sort:  

It's not the age of your account, it's the time since your account was compromised. If someone gets your password, logs in, and then changes the password - thereby locking you out, you have 30 days from that point to discover and address the problem.

Let me ask another way. Can my original pw be used to recover my account once my account is more than 30 days old?

Even if I have changed my original password?

I created my account using anon.steem so just trying to figure how secure it is since their system gave me my original password, which I have changed since then. But if my original password can be used to recover my account, then what's the point of changing my pw at all.

Your question makes a lot more sense with the anonsteem info. I don't have a for sure answer for you. Accounts are created by other accounts, and the creating account becomes the "recovery partner." Accounts registered through Steemit have the @steem account as their partner, so they would verify your identity if an account recovery was needed.
Your account created with @anonsteem will have them as your recovery partner, and I am honestly not sure if they provide continued support after account creation, so recovery may not even be an option. Definitely a good question to ask of them!
I've also created an account now using SteemConnect, so one of my accounts is the recovery partner for my other account! I have no idea how I would go about serving as a recovery partner, I have a feeling it involves a lot of backend stuff and there are no good user interfaces designed for it yet. I also don't know if it's possible to delegate a new recovery partner by choice.
But... to somewhat answer your question... let's assume someone has your old password and there is a recovery partner ready and waiting. If they try to take over your account by fraudulently "recovering" it, they should only have a 30 day window from when you changed the password. So if you've had your new password for more than 30 days you should theoretically be safe.

Thank-you for helping out. Your explanation sounds very logical. I would expect the same thing as what you said. The account should be safe after 30 days have passed from the date of making a new password.

Got it, that makes sense. Thanks for the help!

You are now adding more details to your original question.
First of all, to recover using the Steemit recovery states that you must have set steemit as your trusted partner. By using anon.steem to set up the account, I bet that was not done. So recovery would likely not succeed in that case. I'm definitely no expert on the subject, but I have read about it and try to help others understand to the best of my ability. Now we are getting out of that range. Sorry.

Yeah, sorry just trying to figure out how to be safe. I was on a waitlist for over a week so went the anon route after seeing it as a possible solution on the help section. I know it complicates things.

@bryan-imhoff thanks for responding. :)

No prob, I just hope I'm not giving any misinformation! I know enough to get into trouble I guess... Account recovery seems to be an undeveloped tool with a lot of questions surrounding direct registrations, as I mention in my above comment. I'm curious if anyone has any answers for this that I could learn!

@financialcritic Yes. Account age is irrelevant. One can only attempt account recovery within 30 days of hostile take over. Which if you use your account daily is easily known. For someone who's account has been hacked comes back after 30 days of theft or loss of master password then it would not be possible to recover.

Thanks. I'm just trying to figure why I should bother to change my pw at all, if my original one can be used to access my account via recovery.

Because if you mess up in the process, lose your original key for whatever reasons or you don't get a response from Steemit when you shoot an email after attempting recovery then you are screwed! :)